cobaltstrike | cd466d7cb87cc35b5c57c705b68bc6dd689018c10da50e75ccf91de3ae8bef8a

Analysis

max time kernel
132s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

1b52fa11266e1b8e7ea14472260e48b0
SHA1

23949bf62aea458364108177731817ac14fc6f14
SHA256

cd466d7cb87cc35b5c57c705b68bc6dd689018c10da50e75ccf91de3ae8bef8a
SHA512

bc3d6d595c1d37153f33933e556ca3bdefa34a6017ea1f298eec4c8dc256bd4e344b2534347fba9c1f0e5a18a4232a8190a4e513a923b1bba85cf9ae624bdd06
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00080000000240b6-5.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240bb-11.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ba-13.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000240b7-24.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240bd-28.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240be-35.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240bf-41.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c1-53.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c5-78.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c6-84.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c7-91.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c8-103.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cc-126.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ce-138.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d0-153.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d2-168.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d3-186.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d9-211.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d7-209.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d8-206.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d6-204.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d5-199.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d4-193.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d1-171.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cf-159.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cd-144.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cb-129.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ca-122.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c9-112.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c4-81.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c3-72.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c2-63.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c0-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4008-0-0x00007FF730350000-0x00007FF7306A4000-memory.dmp	xmrig
behavioral2/files/0x00080000000240b6-5.dat	xmrig
behavioral2/memory/5040-7-0x00007FF6CFF30000-0x00007FF6D0284000-memory.dmp	xmrig
behavioral2/files/0x00070000000240bb-11.dat	xmrig
behavioral2/memory/1400-12-0x00007FF74FA40000-0x00007FF74FD94000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ba-13.dat	xmrig
behavioral2/memory/1560-20-0x00007FF7B4F70000-0x00007FF7B52C4000-memory.dmp	xmrig
behavioral2/files/0x00080000000240b7-24.dat	xmrig
behavioral2/files/0x00070000000240bd-28.dat	xmrig
behavioral2/memory/2840-25-0x00007FF684650000-0x00007FF6849A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240be-35.dat	xmrig
behavioral2/files/0x00070000000240bf-41.dat	xmrig
behavioral2/files/0x00070000000240c1-53.dat	xmrig
behavioral2/memory/3560-55-0x00007FF61D510000-0x00007FF61D864000-memory.dmp	xmrig
behavioral2/memory/5020-62-0x00007FF6E4C50000-0x00007FF6E4FA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240c5-78.dat	xmrig
behavioral2/files/0x00070000000240c6-84.dat	xmrig
behavioral2/files/0x00070000000240c7-91.dat	xmrig
behavioral2/files/0x00070000000240c8-103.dat	xmrig
behavioral2/files/0x00070000000240cc-126.dat	xmrig
behavioral2/files/0x00070000000240ce-138.dat	xmrig
behavioral2/files/0x00070000000240d0-153.dat	xmrig
behavioral2/files/0x00070000000240d2-168.dat	xmrig
behavioral2/files/0x00070000000240d3-186.dat	xmrig
behavioral2/files/0x00070000000240d9-211.dat	xmrig
behavioral2/files/0x00070000000240d7-209.dat	xmrig
behavioral2/files/0x00070000000240d8-206.dat	xmrig
behavioral2/files/0x00070000000240d6-204.dat	xmrig
behavioral2/files/0x00070000000240d5-199.dat	xmrig
behavioral2/memory/3776-198-0x00007FF617380000-0x00007FF6176D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d4-193.dat	xmrig
behavioral2/memory/3976-192-0x00007FF6959A0000-0x00007FF695CF4000-memory.dmp	xmrig
behavioral2/memory/4476-191-0x00007FF770FA0000-0x00007FF7712F4000-memory.dmp	xmrig
behavioral2/memory/2932-185-0x00007FF6E0790000-0x00007FF6E0AE4000-memory.dmp	xmrig
behavioral2/memory/4596-184-0x00007FF6FFFD0000-0x00007FF700324000-memory.dmp	xmrig
behavioral2/memory/1768-183-0x00007FF6A9A00000-0x00007FF6A9D54000-memory.dmp	xmrig
behavioral2/memory/1028-174-0x00007FF6733E0000-0x00007FF673734000-memory.dmp	xmrig
behavioral2/memory/3628-173-0x00007FF7A97F0000-0x00007FF7A9B44000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d1-171.dat	xmrig
behavioral2/memory/3252-165-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp	xmrig
behavioral2/memory/5084-164-0x00007FF77D970000-0x00007FF77DCC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240cf-159.dat	xmrig
behavioral2/memory/4636-158-0x00007FF790CC0000-0x00007FF791014000-memory.dmp	xmrig
behavioral2/memory/1112-157-0x00007FF643700000-0x00007FF643A54000-memory.dmp	xmrig
behavioral2/memory/4864-156-0x00007FF73EF90000-0x00007FF73F2E4000-memory.dmp	xmrig
behavioral2/memory/4632-150-0x00007FF7BCB70000-0x00007FF7BCEC4000-memory.dmp	xmrig
behavioral2/memory/3624-149-0x00007FF718730000-0x00007FF718A84000-memory.dmp	xmrig
behavioral2/files/0x00070000000240cd-144.dat	xmrig
behavioral2/memory/3544-143-0x00007FF6328C0000-0x00007FF632C14000-memory.dmp	xmrig
behavioral2/memory/2584-142-0x00007FF627160000-0x00007FF6274B4000-memory.dmp	xmrig
behavioral2/memory/1268-141-0x00007FF62E870000-0x00007FF62EBC4000-memory.dmp	xmrig
behavioral2/memory/3148-132-0x00007FF72D700000-0x00007FF72DA54000-memory.dmp	xmrig
behavioral2/memory/5020-131-0x00007FF6E4C50000-0x00007FF6E4FA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240cb-129.dat	xmrig
behavioral2/memory/3976-125-0x00007FF6959A0000-0x00007FF695CF4000-memory.dmp	xmrig
behavioral2/memory/3560-124-0x00007FF61D510000-0x00007FF61D864000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ca-122.dat	xmrig
behavioral2/memory/4476-118-0x00007FF770FA0000-0x00007FF7712F4000-memory.dmp	xmrig
behavioral2/memory/5112-117-0x00007FF6AD5D0000-0x00007FF6AD924000-memory.dmp	xmrig
behavioral2/files/0x00070000000240c9-112.dat	xmrig
behavioral2/memory/1768-111-0x00007FF6A9A00000-0x00007FF6A9D54000-memory.dmp	xmrig
behavioral2/memory/1320-108-0x00007FF677D50000-0x00007FF6780A4000-memory.dmp	xmrig
behavioral2/memory/3628-102-0x00007FF7A97F0000-0x00007FF7A9B44000-memory.dmp	xmrig
behavioral2/memory/5084-95-0x00007FF77D970000-0x00007FF77DCC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5040	TYdyDmY.exe
1400	OIfSprH.exe
1560	hCYBsoZ.exe
2840	fSKEKfS.exe
2432	lUvhaKq.exe
636	SNQJsda.exe
1320	DBNCCda.exe
5112	HHupkIg.exe
3560	CzcDEPs.exe
5020	coeORCU.exe
1268	AFjhVnc.exe
3624	QurzsLl.exe
4632	ZSWTyQo.exe
1112	OuyyrUs.exe
5084	XJrghbL.exe
3628	xlOqJOf.exe
1768	YutgBBs.exe
4476	JzbXswq.exe
3976	xFtqgAJ.exe
3148	VKwqqoz.exe
2584	BJhEJFD.exe
3544	BXtAArj.exe
4864	uGuKkCI.exe
4636	dDZzNIC.exe
3252	UUuIZCm.exe
1028	aiMSqAy.exe
4596	hAVrwjz.exe
2932	HYyQdKI.exe
3776	ZUYwRPj.exe
3216	ZqAuJpZ.exe
2108	ckbsobw.exe
2236	smisEas.exe
816	DwEzwCE.exe
1316	BsDSpIg.exe
4776	AwZElPq.exe
5000	HNZrSAM.exe
3196	rHTtvWe.exe
2344	cdQYGgC.exe
4868	PidvPpp.exe
3844	DoTHChZ.exe
1740	uLIJYwl.exe
3288	XYrhXSd.exe
2448	QCAXcbu.exe
3400	hnccxrH.exe
1736	umqKMkg.exe
5104	soSiuKJ.exe
4620	wXDZVxh.exe
4512	UCLNZhF.exe
4140	uoNYdLi.exe
2816	zxuFFwS.exe
1116	nuikUYi.exe
1824	nCWdKNE.exe
220	oRgDQUP.exe
4588	EPqKgpQ.exe
3792	ewqLvZA.exe
3676	piLvMEV.exe
4028	hANsJmZ.exe
1464	lHcFnJK.exe
5124	gVxWxyw.exe
5152	ccdfLHt.exe
5180	ZCSBlrp.exe
5208	HFgdKWi.exe
5236	anlYrfn.exe
5264	IsjBPAO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4008-0-0x00007FF730350000-0x00007FF7306A4000-memory.dmp	upx
behavioral2/files/0x00080000000240b6-5.dat	upx
behavioral2/memory/5040-7-0x00007FF6CFF30000-0x00007FF6D0284000-memory.dmp	upx
behavioral2/files/0x00070000000240bb-11.dat	upx
behavioral2/memory/1400-12-0x00007FF74FA40000-0x00007FF74FD94000-memory.dmp	upx
behavioral2/files/0x00070000000240ba-13.dat	upx
behavioral2/memory/1560-20-0x00007FF7B4F70000-0x00007FF7B52C4000-memory.dmp	upx
behavioral2/files/0x00080000000240b7-24.dat	upx
behavioral2/files/0x00070000000240bd-28.dat	upx
behavioral2/memory/2840-25-0x00007FF684650000-0x00007FF6849A4000-memory.dmp	upx
behavioral2/files/0x00070000000240be-35.dat	upx
behavioral2/files/0x00070000000240bf-41.dat	upx
behavioral2/files/0x00070000000240c1-53.dat	upx
behavioral2/memory/3560-55-0x00007FF61D510000-0x00007FF61D864000-memory.dmp	upx
behavioral2/memory/5020-62-0x00007FF6E4C50000-0x00007FF6E4FA4000-memory.dmp	upx
behavioral2/files/0x00070000000240c5-78.dat	upx
behavioral2/files/0x00070000000240c6-84.dat	upx
behavioral2/files/0x00070000000240c7-91.dat	upx
behavioral2/files/0x00070000000240c8-103.dat	upx
behavioral2/files/0x00070000000240cc-126.dat	upx
behavioral2/files/0x00070000000240ce-138.dat	upx
behavioral2/files/0x00070000000240d0-153.dat	upx
behavioral2/files/0x00070000000240d2-168.dat	upx
behavioral2/files/0x00070000000240d3-186.dat	upx
behavioral2/files/0x00070000000240d9-211.dat	upx
behavioral2/files/0x00070000000240d7-209.dat	upx
behavioral2/files/0x00070000000240d8-206.dat	upx
behavioral2/files/0x00070000000240d6-204.dat	upx
behavioral2/files/0x00070000000240d5-199.dat	upx
behavioral2/memory/3776-198-0x00007FF617380000-0x00007FF6176D4000-memory.dmp	upx
behavioral2/files/0x00070000000240d4-193.dat	upx
behavioral2/memory/3976-192-0x00007FF6959A0000-0x00007FF695CF4000-memory.dmp	upx
behavioral2/memory/4476-191-0x00007FF770FA0000-0x00007FF7712F4000-memory.dmp	upx
behavioral2/memory/2932-185-0x00007FF6E0790000-0x00007FF6E0AE4000-memory.dmp	upx
behavioral2/memory/4596-184-0x00007FF6FFFD0000-0x00007FF700324000-memory.dmp	upx
behavioral2/memory/1768-183-0x00007FF6A9A00000-0x00007FF6A9D54000-memory.dmp	upx
behavioral2/memory/1028-174-0x00007FF6733E0000-0x00007FF673734000-memory.dmp	upx
behavioral2/memory/3628-173-0x00007FF7A97F0000-0x00007FF7A9B44000-memory.dmp	upx
behavioral2/files/0x00070000000240d1-171.dat	upx
behavioral2/memory/3252-165-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp	upx
behavioral2/memory/5084-164-0x00007FF77D970000-0x00007FF77DCC4000-memory.dmp	upx
behavioral2/files/0x00070000000240cf-159.dat	upx
behavioral2/memory/4636-158-0x00007FF790CC0000-0x00007FF791014000-memory.dmp	upx
behavioral2/memory/1112-157-0x00007FF643700000-0x00007FF643A54000-memory.dmp	upx
behavioral2/memory/4864-156-0x00007FF73EF90000-0x00007FF73F2E4000-memory.dmp	upx
behavioral2/memory/4632-150-0x00007FF7BCB70000-0x00007FF7BCEC4000-memory.dmp	upx
behavioral2/memory/3624-149-0x00007FF718730000-0x00007FF718A84000-memory.dmp	upx
behavioral2/files/0x00070000000240cd-144.dat	upx
behavioral2/memory/3544-143-0x00007FF6328C0000-0x00007FF632C14000-memory.dmp	upx
behavioral2/memory/2584-142-0x00007FF627160000-0x00007FF6274B4000-memory.dmp	upx
behavioral2/memory/1268-141-0x00007FF62E870000-0x00007FF62EBC4000-memory.dmp	upx
behavioral2/memory/3148-132-0x00007FF72D700000-0x00007FF72DA54000-memory.dmp	upx
behavioral2/memory/5020-131-0x00007FF6E4C50000-0x00007FF6E4FA4000-memory.dmp	upx
behavioral2/files/0x00070000000240cb-129.dat	upx
behavioral2/memory/3976-125-0x00007FF6959A0000-0x00007FF695CF4000-memory.dmp	upx
behavioral2/memory/3560-124-0x00007FF61D510000-0x00007FF61D864000-memory.dmp	upx
behavioral2/files/0x00070000000240ca-122.dat	upx
behavioral2/memory/4476-118-0x00007FF770FA0000-0x00007FF7712F4000-memory.dmp	upx
behavioral2/memory/5112-117-0x00007FF6AD5D0000-0x00007FF6AD924000-memory.dmp	upx
behavioral2/files/0x00070000000240c9-112.dat	upx
behavioral2/memory/1768-111-0x00007FF6A9A00000-0x00007FF6A9D54000-memory.dmp	upx
behavioral2/memory/1320-108-0x00007FF677D50000-0x00007FF6780A4000-memory.dmp	upx
behavioral2/memory/3628-102-0x00007FF7A97F0000-0x00007FF7A9B44000-memory.dmp	upx
behavioral2/memory/5084-95-0x00007FF77D970000-0x00007FF77DCC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UUuIZCm.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kNscVoj.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ENwSDBM.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SZLjmun.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qfvVhSZ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nooSPbv.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iZDOxCC.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oovdqWU.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dyYvzud.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EdAcaIX.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QNwQerZ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ckbsobw.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HNZrSAM.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\foFlBVn.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EwSazVG.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MrhKBYj.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AwJlrJB.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dfKUQGI.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mMXQcVB.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nRUjNYq.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VIrbDpP.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JYMyFeo.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BsTiPcO.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eyqyvOV.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\intdnQi.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aDfxQnV.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iFUPXzn.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qnxSFQP.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BTlMMVQ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jHDDUCV.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GZayITA.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vgkwHqi.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DiymSLg.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LdEzrTL.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WsALpLI.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zjOLAIF.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XbMLtZO.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lqxUuqQ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oRtrDqi.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AWPObNo.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aoSssPi.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YwSxIkZ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QecOIEh.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pnqtERO.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZkOyfzX.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\soSiuKJ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yzFSzki.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bOiiWDo.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fKgZVOO.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wzLloBC.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ExYWCMo.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hjaGBoZ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qEiQETO.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LvZbWDR.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dtKYSoQ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MHMjTZj.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lGFaiyK.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uRNEseR.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KRNwkVT.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tMXuoDZ.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JUvNjtT.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JWGkvwC.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EMxqoeh.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IqKBwrV.exe	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 5040	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4008 wrote to memory of 5040	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4008 wrote to memory of 1400	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4008 wrote to memory of 1400	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4008 wrote to memory of 1560	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4008 wrote to memory of 1560	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4008 wrote to memory of 2840	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4008 wrote to memory of 2840	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4008 wrote to memory of 2432	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4008 wrote to memory of 2432	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4008 wrote to memory of 636	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4008 wrote to memory of 636	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4008 wrote to memory of 1320	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4008 wrote to memory of 1320	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4008 wrote to memory of 5112	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4008 wrote to memory of 5112	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4008 wrote to memory of 3560	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4008 wrote to memory of 3560	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4008 wrote to memory of 5020	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4008 wrote to memory of 5020	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4008 wrote to memory of 1268	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4008 wrote to memory of 1268	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4008 wrote to memory of 3624	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4008 wrote to memory of 3624	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4008 wrote to memory of 4632	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4008 wrote to memory of 4632	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4008 wrote to memory of 1112	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4008 wrote to memory of 1112	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4008 wrote to memory of 5084	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4008 wrote to memory of 5084	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4008 wrote to memory of 3628	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4008 wrote to memory of 3628	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4008 wrote to memory of 1768	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4008 wrote to memory of 1768	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4008 wrote to memory of 4476	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4008 wrote to memory of 4476	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4008 wrote to memory of 3976	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4008 wrote to memory of 3976	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4008 wrote to memory of 3148	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4008 wrote to memory of 3148	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4008 wrote to memory of 2584	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4008 wrote to memory of 2584	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4008 wrote to memory of 3544	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4008 wrote to memory of 3544	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4008 wrote to memory of 4864	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4008 wrote to memory of 4864	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4008 wrote to memory of 4636	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4008 wrote to memory of 4636	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4008 wrote to memory of 3252	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4008 wrote to memory of 3252	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4008 wrote to memory of 1028	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4008 wrote to memory of 1028	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4008 wrote to memory of 4596	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4008 wrote to memory of 4596	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4008 wrote to memory of 2932	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4008 wrote to memory of 2932	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4008 wrote to memory of 3776	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4008 wrote to memory of 3776	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4008 wrote to memory of 3216	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4008 wrote to memory of 3216	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4008 wrote to memory of 2108	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4008 wrote to memory of 2108	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4008 wrote to memory of 2236	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4008 wrote to memory of 2236	4008	2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_1b52fa11266e1b8e7ea14472260e48b0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Windows\System\TYdyDmY.exe
  C:\Windows\System\TYdyDmY.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\OIfSprH.exe
  C:\Windows\System\OIfSprH.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\hCYBsoZ.exe
  C:\Windows\System\hCYBsoZ.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\fSKEKfS.exe
  C:\Windows\System\fSKEKfS.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\lUvhaKq.exe
  C:\Windows\System\lUvhaKq.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\SNQJsda.exe
  C:\Windows\System\SNQJsda.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\DBNCCda.exe
  C:\Windows\System\DBNCCda.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\HHupkIg.exe
  C:\Windows\System\HHupkIg.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\CzcDEPs.exe
  C:\Windows\System\CzcDEPs.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\coeORCU.exe
  C:\Windows\System\coeORCU.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\AFjhVnc.exe
  C:\Windows\System\AFjhVnc.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\QurzsLl.exe
  C:\Windows\System\QurzsLl.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\ZSWTyQo.exe
  C:\Windows\System\ZSWTyQo.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\OuyyrUs.exe
  C:\Windows\System\OuyyrUs.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\XJrghbL.exe
  C:\Windows\System\XJrghbL.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\xlOqJOf.exe
  C:\Windows\System\xlOqJOf.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\YutgBBs.exe
  C:\Windows\System\YutgBBs.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\JzbXswq.exe
  C:\Windows\System\JzbXswq.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\xFtqgAJ.exe
  C:\Windows\System\xFtqgAJ.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\VKwqqoz.exe
  C:\Windows\System\VKwqqoz.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\BJhEJFD.exe
  C:\Windows\System\BJhEJFD.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\BXtAArj.exe
  C:\Windows\System\BXtAArj.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\uGuKkCI.exe
  C:\Windows\System\uGuKkCI.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\dDZzNIC.exe
  C:\Windows\System\dDZzNIC.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\UUuIZCm.exe
  C:\Windows\System\UUuIZCm.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\aiMSqAy.exe
  C:\Windows\System\aiMSqAy.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\hAVrwjz.exe
  C:\Windows\System\hAVrwjz.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\HYyQdKI.exe
  C:\Windows\System\HYyQdKI.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ZUYwRPj.exe
  C:\Windows\System\ZUYwRPj.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\ZqAuJpZ.exe
  C:\Windows\System\ZqAuJpZ.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\ckbsobw.exe
  C:\Windows\System\ckbsobw.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\smisEas.exe
  C:\Windows\System\smisEas.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\DwEzwCE.exe
  C:\Windows\System\DwEzwCE.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\BsDSpIg.exe
  C:\Windows\System\BsDSpIg.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\AwZElPq.exe
  C:\Windows\System\AwZElPq.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\HNZrSAM.exe
  C:\Windows\System\HNZrSAM.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\rHTtvWe.exe
  C:\Windows\System\rHTtvWe.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\cdQYGgC.exe
  C:\Windows\System\cdQYGgC.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\PidvPpp.exe
  C:\Windows\System\PidvPpp.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\DoTHChZ.exe
  C:\Windows\System\DoTHChZ.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\uLIJYwl.exe
  C:\Windows\System\uLIJYwl.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\XYrhXSd.exe
  C:\Windows\System\XYrhXSd.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\QCAXcbu.exe
  C:\Windows\System\QCAXcbu.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\hnccxrH.exe
  C:\Windows\System\hnccxrH.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\umqKMkg.exe
  C:\Windows\System\umqKMkg.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\soSiuKJ.exe
  C:\Windows\System\soSiuKJ.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\wXDZVxh.exe
  C:\Windows\System\wXDZVxh.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\UCLNZhF.exe
  C:\Windows\System\UCLNZhF.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\uoNYdLi.exe
  C:\Windows\System\uoNYdLi.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\zxuFFwS.exe
  C:\Windows\System\zxuFFwS.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\nuikUYi.exe
  C:\Windows\System\nuikUYi.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\nCWdKNE.exe
  C:\Windows\System\nCWdKNE.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\oRgDQUP.exe
  C:\Windows\System\oRgDQUP.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\EPqKgpQ.exe
  C:\Windows\System\EPqKgpQ.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\ewqLvZA.exe
  C:\Windows\System\ewqLvZA.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\piLvMEV.exe
  C:\Windows\System\piLvMEV.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\hANsJmZ.exe
  C:\Windows\System\hANsJmZ.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\lHcFnJK.exe
  C:\Windows\System\lHcFnJK.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\gVxWxyw.exe
  C:\Windows\System\gVxWxyw.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\ccdfLHt.exe
  C:\Windows\System\ccdfLHt.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Windows\System\ZCSBlrp.exe
  C:\Windows\System\ZCSBlrp.exe
  2⤵
  - Executes dropped EXE
  PID:5180
- C:\Windows\System\HFgdKWi.exe
  C:\Windows\System\HFgdKWi.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System\anlYrfn.exe
  C:\Windows\System\anlYrfn.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System\IsjBPAO.exe
  C:\Windows\System\IsjBPAO.exe
  2⤵
  - Executes dropped EXE
  PID:5264
- C:\Windows\System\jYbjUMN.exe
  C:\Windows\System\jYbjUMN.exe
  2⤵
  PID:5292
- C:\Windows\System\Tlpzcxi.exe
  C:\Windows\System\Tlpzcxi.exe
  2⤵
  PID:5320
- C:\Windows\System\BTDHTCd.exe
  C:\Windows\System\BTDHTCd.exe
  2⤵
  PID:5348
- C:\Windows\System\qqgllfb.exe
  C:\Windows\System\qqgllfb.exe
  2⤵
  PID:5376
- C:\Windows\System\kWanaBT.exe
  C:\Windows\System\kWanaBT.exe
  2⤵
  PID:5404
- C:\Windows\System\FCsGbou.exe
  C:\Windows\System\FCsGbou.exe
  2⤵
  PID:5432
- C:\Windows\System\NUtGnlc.exe
  C:\Windows\System\NUtGnlc.exe
  2⤵
  PID:5456
- C:\Windows\System\VLeoafJ.exe
  C:\Windows\System\VLeoafJ.exe
  2⤵
  PID:5488
- C:\Windows\System\VDqLmKr.exe
  C:\Windows\System\VDqLmKr.exe
  2⤵
  PID:5512
- C:\Windows\System\eyqyvOV.exe
  C:\Windows\System\eyqyvOV.exe
  2⤵
  PID:5544
- C:\Windows\System\TyNaCSQ.exe
  C:\Windows\System\TyNaCSQ.exe
  2⤵
  PID:5572
- C:\Windows\System\jppLmbp.exe
  C:\Windows\System\jppLmbp.exe
  2⤵
  PID:5600
- C:\Windows\System\OzYDavK.exe
  C:\Windows\System\OzYDavK.exe
  2⤵
  PID:5628
- C:\Windows\System\aZWBSXs.exe
  C:\Windows\System\aZWBSXs.exe
  2⤵
  PID:5656
- C:\Windows\System\iiWOqmJ.exe
  C:\Windows\System\iiWOqmJ.exe
  2⤵
  PID:5688
- C:\Windows\System\QorOpAy.exe
  C:\Windows\System\QorOpAy.exe
  2⤵
  PID:5712
- C:\Windows\System\cCwlfQT.exe
  C:\Windows\System\cCwlfQT.exe
  2⤵
  PID:5740
- C:\Windows\System\PGTmAzI.exe
  C:\Windows\System\PGTmAzI.exe
  2⤵
  PID:5768
- C:\Windows\System\PexxTta.exe
  C:\Windows\System\PexxTta.exe
  2⤵
  PID:5796
- C:\Windows\System\yPKwUBQ.exe
  C:\Windows\System\yPKwUBQ.exe
  2⤵
  PID:5824
- C:\Windows\System\wYFwZAl.exe
  C:\Windows\System\wYFwZAl.exe
  2⤵
  PID:5852
- C:\Windows\System\EQWhLRE.exe
  C:\Windows\System\EQWhLRE.exe
  2⤵
  PID:5880
- C:\Windows\System\dyYvzud.exe
  C:\Windows\System\dyYvzud.exe
  2⤵
  PID:5908
- C:\Windows\System\sGHxcnB.exe
  C:\Windows\System\sGHxcnB.exe
  2⤵
  PID:5936
- C:\Windows\System\wVnFMjI.exe
  C:\Windows\System\wVnFMjI.exe
  2⤵
  PID:5964
- C:\Windows\System\KvzxPxm.exe
  C:\Windows\System\KvzxPxm.exe
  2⤵
  PID:5992
- C:\Windows\System\JhHjvoD.exe
  C:\Windows\System\JhHjvoD.exe
  2⤵
  PID:6020
- C:\Windows\System\foFlBVn.exe
  C:\Windows\System\foFlBVn.exe
  2⤵
  PID:6048
- C:\Windows\System\qcDKvwE.exe
  C:\Windows\System\qcDKvwE.exe
  2⤵
  PID:6076
- C:\Windows\System\bOiiWDo.exe
  C:\Windows\System\bOiiWDo.exe
  2⤵
  PID:6104
- C:\Windows\System\HFvKtIr.exe
  C:\Windows\System\HFvKtIr.exe
  2⤵
  PID:6132
- C:\Windows\System\jaAOMQw.exe
  C:\Windows\System\jaAOMQw.exe
  2⤵
  PID:4880
- C:\Windows\System\qSORAeT.exe
  C:\Windows\System\qSORAeT.exe
  2⤵
  PID:4072
- C:\Windows\System\Znjdgpe.exe
  C:\Windows\System\Znjdgpe.exe
  2⤵
  PID:4972
- C:\Windows\System\XvPlZAx.exe
  C:\Windows\System\XvPlZAx.exe
  2⤵
  PID:4368
- C:\Windows\System\YxItpya.exe
  C:\Windows\System\YxItpya.exe
  2⤵
  PID:2028
- C:\Windows\System\gFSkBLr.exe
  C:\Windows\System\gFSkBLr.exe
  2⤵
  PID:3856
- C:\Windows\System\heIqwZT.exe
  C:\Windows\System\heIqwZT.exe
  2⤵
  PID:5192
- C:\Windows\System\lwczalX.exe
  C:\Windows\System\lwczalX.exe
  2⤵
  PID:5252
- C:\Windows\System\VWQlEqZ.exe
  C:\Windows\System\VWQlEqZ.exe
  2⤵
  PID:5312
- C:\Windows\System\NqOZoCb.exe
  C:\Windows\System\NqOZoCb.exe
  2⤵
  PID:5388
- C:\Windows\System\WmbtIzz.exe
  C:\Windows\System\WmbtIzz.exe
  2⤵
  PID:5448
- C:\Windows\System\QfqwTkq.exe
  C:\Windows\System\QfqwTkq.exe
  2⤵
  PID:5508
- C:\Windows\System\kNscVoj.exe
  C:\Windows\System\kNscVoj.exe
  2⤵
  PID:5584
- C:\Windows\System\muqUUPy.exe
  C:\Windows\System\muqUUPy.exe
  2⤵
  PID:5644
- C:\Windows\System\RSMJqqN.exe
  C:\Windows\System\RSMJqqN.exe
  2⤵
  PID:5708
- C:\Windows\System\ZtAQcKd.exe
  C:\Windows\System\ZtAQcKd.exe
  2⤵
  PID:5780
- C:\Windows\System\QAcCLMF.exe
  C:\Windows\System\QAcCLMF.exe
  2⤵
  PID:5840
- C:\Windows\System\glBSuVb.exe
  C:\Windows\System\glBSuVb.exe
  2⤵
  PID:5900
- C:\Windows\System\gyoHSuC.exe
  C:\Windows\System\gyoHSuC.exe
  2⤵
  PID:5976
- C:\Windows\System\VRDBbvF.exe
  C:\Windows\System\VRDBbvF.exe
  2⤵
  PID:6036
- C:\Windows\System\qsxswvD.exe
  C:\Windows\System\qsxswvD.exe
  2⤵
  PID:6096
- C:\Windows\System\QpYTPEi.exe
  C:\Windows\System\QpYTPEi.exe
  2⤵
  PID:2924
- C:\Windows\System\MNkZHUw.exe
  C:\Windows\System\MNkZHUw.exe
  2⤵
  PID:3272
- C:\Windows\System\VzXbfsZ.exe
  C:\Windows\System\VzXbfsZ.exe
  2⤵
  PID:1792
- C:\Windows\System\nrzErCr.exe
  C:\Windows\System\nrzErCr.exe
  2⤵
  PID:5280
- C:\Windows\System\avlAOAb.exe
  C:\Windows\System\avlAOAb.exe
  2⤵
  PID:5420
- C:\Windows\System\qgvECYr.exe
  C:\Windows\System\qgvECYr.exe
  2⤵
  PID:5560
- C:\Windows\System\emGWakQ.exe
  C:\Windows\System\emGWakQ.exe
  2⤵
  PID:6148
- C:\Windows\System\RXjnAaL.exe
  C:\Windows\System\RXjnAaL.exe
  2⤵
  PID:6192
- C:\Windows\System\CYYZPSt.exe
  C:\Windows\System\CYYZPSt.exe
  2⤵
  PID:6216
- C:\Windows\System\twFpAkR.exe
  C:\Windows\System\twFpAkR.exe
  2⤵
  PID:6244
- C:\Windows\System\fRSfved.exe
  C:\Windows\System\fRSfved.exe
  2⤵
  PID:6272
- C:\Windows\System\wEgfZzb.exe
  C:\Windows\System\wEgfZzb.exe
  2⤵
  PID:6312
- C:\Windows\System\HOijsSy.exe
  C:\Windows\System\HOijsSy.exe
  2⤵
  PID:6340
- C:\Windows\System\qzbhkpr.exe
  C:\Windows\System\qzbhkpr.exe
  2⤵
  PID:6356
- C:\Windows\System\cpLPLaD.exe
  C:\Windows\System\cpLPLaD.exe
  2⤵
  PID:6384
- C:\Windows\System\ZswZEzH.exe
  C:\Windows\System\ZswZEzH.exe
  2⤵
  PID:6400
- C:\Windows\System\uVBqbzI.exe
  C:\Windows\System\uVBqbzI.exe
  2⤵
  PID:6440
- C:\Windows\System\QxdyxzV.exe
  C:\Windows\System\QxdyxzV.exe
  2⤵
  PID:6468
- C:\Windows\System\ryieTFi.exe
  C:\Windows\System\ryieTFi.exe
  2⤵
  PID:6484
- C:\Windows\System\mYFGckY.exe
  C:\Windows\System\mYFGckY.exe
  2⤵
  PID:6512
- C:\Windows\System\JlzfqNF.exe
  C:\Windows\System\JlzfqNF.exe
  2⤵
  PID:6540
- C:\Windows\System\DcJHGAQ.exe
  C:\Windows\System\DcJHGAQ.exe
  2⤵
  PID:6568
- C:\Windows\System\gcbAPIZ.exe
  C:\Windows\System\gcbAPIZ.exe
  2⤵
  PID:6596
- C:\Windows\System\Daoqrwd.exe
  C:\Windows\System\Daoqrwd.exe
  2⤵
  PID:6624
- C:\Windows\System\uNZPzNL.exe
  C:\Windows\System\uNZPzNL.exe
  2⤵
  PID:6664
- C:\Windows\System\HTEszWc.exe
  C:\Windows\System\HTEszWc.exe
  2⤵
  PID:6692
- C:\Windows\System\lZDfZdL.exe
  C:\Windows\System\lZDfZdL.exe
  2⤵
  PID:6720
- C:\Windows\System\anrcCBO.exe
  C:\Windows\System\anrcCBO.exe
  2⤵
  PID:6736
- C:\Windows\System\lQYcXoq.exe
  C:\Windows\System\lQYcXoq.exe
  2⤵
  PID:6764
- C:\Windows\System\jlnTlvv.exe
  C:\Windows\System\jlnTlvv.exe
  2⤵
  PID:6792
- C:\Windows\System\cTQVeLA.exe
  C:\Windows\System\cTQVeLA.exe
  2⤵
  PID:6820
- C:\Windows\System\DatqdxY.exe
  C:\Windows\System\DatqdxY.exe
  2⤵
  PID:6848
- C:\Windows\System\pvZAutQ.exe
  C:\Windows\System\pvZAutQ.exe
  2⤵
  PID:6876
- C:\Windows\System\fKgZVOO.exe
  C:\Windows\System\fKgZVOO.exe
  2⤵
  PID:6904
- C:\Windows\System\ZgkvRVu.exe
  C:\Windows\System\ZgkvRVu.exe
  2⤵
  PID:6932
- C:\Windows\System\mAAkXUf.exe
  C:\Windows\System\mAAkXUf.exe
  2⤵
  PID:6960
- C:\Windows\System\VTWtXRd.exe
  C:\Windows\System\VTWtXRd.exe
  2⤵
  PID:6988
- C:\Windows\System\sUCJwZR.exe
  C:\Windows\System\sUCJwZR.exe
  2⤵
  PID:7016
- C:\Windows\System\PBwEqIU.exe
  C:\Windows\System\PBwEqIU.exe
  2⤵
  PID:7044
- C:\Windows\System\rdTVgpN.exe
  C:\Windows\System\rdTVgpN.exe
  2⤵
  PID:7072
- C:\Windows\System\HrvBpiO.exe
  C:\Windows\System\HrvBpiO.exe
  2⤵
  PID:7100
- C:\Windows\System\JcWRttf.exe
  C:\Windows\System\JcWRttf.exe
  2⤵
  PID:7128
- C:\Windows\System\eoSjFdL.exe
  C:\Windows\System\eoSjFdL.exe
  2⤵
  PID:7156
- C:\Windows\System\gihNagu.exe
  C:\Windows\System\gihNagu.exe
  2⤵
  PID:5812
- C:\Windows\System\gGSDXee.exe
  C:\Windows\System\gGSDXee.exe
  2⤵
  PID:5952
- C:\Windows\System\wzLloBC.exe
  C:\Windows\System\wzLloBC.exe
  2⤵
  PID:6124
- C:\Windows\System\gTbrNvK.exe
  C:\Windows\System\gTbrNvK.exe
  2⤵
  PID:4648
- C:\Windows\System\psRbyxo.exe
  C:\Windows\System\psRbyxo.exe
  2⤵
  PID:5360
- C:\Windows\System\zYpsNRO.exe
  C:\Windows\System\zYpsNRO.exe
  2⤵
  PID:5684
- C:\Windows\System\iSqAVbg.exe
  C:\Windows\System\iSqAVbg.exe
  2⤵
  PID:6212
- C:\Windows\System\ENwSDBM.exe
  C:\Windows\System\ENwSDBM.exe
  2⤵
  PID:6284
- C:\Windows\System\VtSxHKv.exe
  C:\Windows\System\VtSxHKv.exe
  2⤵
  PID:6348
- C:\Windows\System\hLJsSFt.exe
  C:\Windows\System\hLJsSFt.exe
  2⤵
  PID:6412
- C:\Windows\System\YQyzuCD.exe
  C:\Windows\System\YQyzuCD.exe
  2⤵
  PID:6476
- C:\Windows\System\uVEXiqF.exe
  C:\Windows\System\uVEXiqF.exe
  2⤵
  PID:6532
- C:\Windows\System\EwSazVG.exe
  C:\Windows\System\EwSazVG.exe
  2⤵
  PID:6608
- C:\Windows\System\ZGZsFIJ.exe
  C:\Windows\System\ZGZsFIJ.exe
  2⤵
  PID:6676
- C:\Windows\System\WfNzppt.exe
  C:\Windows\System\WfNzppt.exe
  2⤵
  PID:6732
- C:\Windows\System\eWCjXjo.exe
  C:\Windows\System\eWCjXjo.exe
  2⤵
  PID:6804
- C:\Windows\System\HMpwvqu.exe
  C:\Windows\System\HMpwvqu.exe
  2⤵
  PID:6864
- C:\Windows\System\TMOfOTY.exe
  C:\Windows\System\TMOfOTY.exe
  2⤵
  PID:6924
- C:\Windows\System\HvxCHOg.exe
  C:\Windows\System\HvxCHOg.exe
  2⤵
  PID:7000
- C:\Windows\System\BEHwvBi.exe
  C:\Windows\System\BEHwvBi.exe
  2⤵
  PID:7060
- C:\Windows\System\BllHEyh.exe
  C:\Windows\System\BllHEyh.exe
  2⤵
  PID:7120
- C:\Windows\System\vgkwHqi.exe
  C:\Windows\System\vgkwHqi.exe
  2⤵
  PID:5872
- C:\Windows\System\mgjmUfH.exe
  C:\Windows\System\mgjmUfH.exe
  2⤵
  PID:3452
- C:\Windows\System\dVOHqXJ.exe
  C:\Windows\System\dVOHqXJ.exe
  2⤵
  PID:5536
- C:\Windows\System\QPimXar.exe
  C:\Windows\System\QPimXar.exe
  2⤵
  PID:6260
- C:\Windows\System\PNKIeCQ.exe
  C:\Windows\System\PNKIeCQ.exe
  2⤵
  PID:6432
- C:\Windows\System\phBZpJi.exe
  C:\Windows\System\phBZpJi.exe
  2⤵
  PID:6580
- C:\Windows\System\GerwPUy.exe
  C:\Windows\System\GerwPUy.exe
  2⤵
  PID:6712
- C:\Windows\System\uvLWMGN.exe
  C:\Windows\System\uvLWMGN.exe
  2⤵
  PID:7192
- C:\Windows\System\lCdftAz.exe
  C:\Windows\System\lCdftAz.exe
  2⤵
  PID:7220
- C:\Windows\System\rhMcwjI.exe
  C:\Windows\System\rhMcwjI.exe
  2⤵
  PID:7248
- C:\Windows\System\Blylilq.exe
  C:\Windows\System\Blylilq.exe
  2⤵
  PID:7276
- C:\Windows\System\PoWqhsG.exe
  C:\Windows\System\PoWqhsG.exe
  2⤵
  PID:7304
- C:\Windows\System\BvaBSgO.exe
  C:\Windows\System\BvaBSgO.exe
  2⤵
  PID:7332
- C:\Windows\System\QoksMwC.exe
  C:\Windows\System\QoksMwC.exe
  2⤵
  PID:7360
- C:\Windows\System\lqtoEsv.exe
  C:\Windows\System\lqtoEsv.exe
  2⤵
  PID:7388
- C:\Windows\System\hguPlIb.exe
  C:\Windows\System\hguPlIb.exe
  2⤵
  PID:7416
- C:\Windows\System\PnoiJWI.exe
  C:\Windows\System\PnoiJWI.exe
  2⤵
  PID:7444
- C:\Windows\System\zKQlVfg.exe
  C:\Windows\System\zKQlVfg.exe
  2⤵
  PID:7472
- C:\Windows\System\ShGEihj.exe
  C:\Windows\System\ShGEihj.exe
  2⤵
  PID:7500
- C:\Windows\System\eNhgzSN.exe
  C:\Windows\System\eNhgzSN.exe
  2⤵
  PID:7528
- C:\Windows\System\JVdBmUD.exe
  C:\Windows\System\JVdBmUD.exe
  2⤵
  PID:7556
- C:\Windows\System\yWtVKdx.exe
  C:\Windows\System\yWtVKdx.exe
  2⤵
  PID:7584
- C:\Windows\System\XBdTwUk.exe
  C:\Windows\System\XBdTwUk.exe
  2⤵
  PID:7612
- C:\Windows\System\fZUMedI.exe
  C:\Windows\System\fZUMedI.exe
  2⤵
  PID:7640
- C:\Windows\System\YzWxICB.exe
  C:\Windows\System\YzWxICB.exe
  2⤵
  PID:7668
- C:\Windows\System\AWPObNo.exe
  C:\Windows\System\AWPObNo.exe
  2⤵
  PID:7696
- C:\Windows\System\VHWsjUc.exe
  C:\Windows\System\VHWsjUc.exe
  2⤵
  PID:7724
- C:\Windows\System\aucaUjU.exe
  C:\Windows\System\aucaUjU.exe
  2⤵
  PID:7752
- C:\Windows\System\rAODaBw.exe
  C:\Windows\System\rAODaBw.exe
  2⤵
  PID:7780
- C:\Windows\System\NdmADCw.exe
  C:\Windows\System\NdmADCw.exe
  2⤵
  PID:7808
- C:\Windows\System\cAiySoI.exe
  C:\Windows\System\cAiySoI.exe
  2⤵
  PID:7836
- C:\Windows\System\xceOluY.exe
  C:\Windows\System\xceOluY.exe
  2⤵
  PID:7864
- C:\Windows\System\qvlaIsV.exe
  C:\Windows\System\qvlaIsV.exe
  2⤵
  PID:7892
- C:\Windows\System\GiMYSYi.exe
  C:\Windows\System\GiMYSYi.exe
  2⤵
  PID:7920
- C:\Windows\System\JFuXdcu.exe
  C:\Windows\System\JFuXdcu.exe
  2⤵
  PID:7948
- C:\Windows\System\intdnQi.exe
  C:\Windows\System\intdnQi.exe
  2⤵
  PID:7976
- C:\Windows\System\aoSssPi.exe
  C:\Windows\System\aoSssPi.exe
  2⤵
  PID:8004
- C:\Windows\System\hdQiurs.exe
  C:\Windows\System\hdQiurs.exe
  2⤵
  PID:8032
- C:\Windows\System\Vywemhy.exe
  C:\Windows\System\Vywemhy.exe
  2⤵
  PID:8060
- C:\Windows\System\ZJOjhtH.exe
  C:\Windows\System\ZJOjhtH.exe
  2⤵
  PID:8088
- C:\Windows\System\GfRcPLz.exe
  C:\Windows\System\GfRcPLz.exe
  2⤵
  PID:8116
- C:\Windows\System\PIUYTYl.exe
  C:\Windows\System\PIUYTYl.exe
  2⤵
  PID:8144
- C:\Windows\System\mYOnLWu.exe
  C:\Windows\System\mYOnLWu.exe
  2⤵
  PID:8172
- C:\Windows\System\kuCRzOK.exe
  C:\Windows\System\kuCRzOK.exe
  2⤵
  PID:6832
- C:\Windows\System\EvrPMeg.exe
  C:\Windows\System\EvrPMeg.exe
  2⤵
  PID:6972
- C:\Windows\System\VmenVSv.exe
  C:\Windows\System\VmenVSv.exe
  2⤵
  PID:7116
- C:\Windows\System\lCcKndA.exe
  C:\Windows\System\lCcKndA.exe
  2⤵
  PID:4488
- C:\Windows\System\AFrzPoq.exe
  C:\Windows\System\AFrzPoq.exe
  2⤵
  PID:6372
- C:\Windows\System\hefRMay.exe
  C:\Windows\System\hefRMay.exe
  2⤵
  PID:6704
- C:\Windows\System\YwSxIkZ.exe
  C:\Windows\System\YwSxIkZ.exe
  2⤵
  PID:7232
- C:\Windows\System\jQaAzKG.exe
  C:\Windows\System\jQaAzKG.exe
  2⤵
  PID:7292
- C:\Windows\System\ggOCWEu.exe
  C:\Windows\System\ggOCWEu.exe
  2⤵
  PID:7352
- C:\Windows\System\xaKyGEr.exe
  C:\Windows\System\xaKyGEr.exe
  2⤵
  PID:7428
- C:\Windows\System\lylpwow.exe
  C:\Windows\System\lylpwow.exe
  2⤵
  PID:7492
- C:\Windows\System\DiymSLg.exe
  C:\Windows\System\DiymSLg.exe
  2⤵
  PID:7548
- C:\Windows\System\QLNEIVt.exe
  C:\Windows\System\QLNEIVt.exe
  2⤵
  PID:7624
- C:\Windows\System\nFEgjvu.exe
  C:\Windows\System\nFEgjvu.exe
  2⤵
  PID:7684
- C:\Windows\System\XlDxqgh.exe
  C:\Windows\System\XlDxqgh.exe
  2⤵
  PID:7748
- C:\Windows\System\wEpBsUT.exe
  C:\Windows\System\wEpBsUT.exe
  2⤵
  PID:7820
- C:\Windows\System\NjFzndp.exe
  C:\Windows\System\NjFzndp.exe
  2⤵
  PID:7880
- C:\Windows\System\PlhTspH.exe
  C:\Windows\System\PlhTspH.exe
  2⤵
  PID:7940
- C:\Windows\System\dFeOFUY.exe
  C:\Windows\System\dFeOFUY.exe
  2⤵
  PID:8016
- C:\Windows\System\UvoLnRB.exe
  C:\Windows\System\UvoLnRB.exe
  2⤵
  PID:8076
- C:\Windows\System\qzKCPlm.exe
  C:\Windows\System\qzKCPlm.exe
  2⤵
  PID:8160
- C:\Windows\System\VoIiDnr.exe
  C:\Windows\System\VoIiDnr.exe
  2⤵
  PID:6916
- C:\Windows\System\YpEGoXx.exe
  C:\Windows\System\YpEGoXx.exe
  2⤵
  PID:5752
- C:\Windows\System\tMXuoDZ.exe
  C:\Windows\System\tMXuoDZ.exe
  2⤵
  PID:6524
- C:\Windows\System\AwJlrJB.exe
  C:\Windows\System\AwJlrJB.exe
  2⤵
  PID:7272
- C:\Windows\System\wNSLAUk.exe
  C:\Windows\System\wNSLAUk.exe
  2⤵
  PID:7456
- C:\Windows\System\rajnOgP.exe
  C:\Windows\System\rajnOgP.exe
  2⤵
  PID:7576
- C:\Windows\System\gLwzRGl.exe
  C:\Windows\System\gLwzRGl.exe
  2⤵
  PID:7716
- C:\Windows\System\wmtQCWz.exe
  C:\Windows\System\wmtQCWz.exe
  2⤵
  PID:7856
- C:\Windows\System\PEBtQUe.exe
  C:\Windows\System\PEBtQUe.exe
  2⤵
  PID:8216
- C:\Windows\System\KkoiTFz.exe
  C:\Windows\System\KkoiTFz.exe
  2⤵
  PID:8244
- C:\Windows\System\PvDjIkD.exe
  C:\Windows\System\PvDjIkD.exe
  2⤵
  PID:8272
- C:\Windows\System\EsXTZXy.exe
  C:\Windows\System\EsXTZXy.exe
  2⤵
  PID:8300
- C:\Windows\System\rOATOSm.exe
  C:\Windows\System\rOATOSm.exe
  2⤵
  PID:8328
- C:\Windows\System\JVlQJQu.exe
  C:\Windows\System\JVlQJQu.exe
  2⤵
  PID:8356
- C:\Windows\System\ozjFRFM.exe
  C:\Windows\System\ozjFRFM.exe
  2⤵
  PID:8384
- C:\Windows\System\NqJZEUu.exe
  C:\Windows\System\NqJZEUu.exe
  2⤵
  PID:8412
- C:\Windows\System\iyvwnMV.exe
  C:\Windows\System\iyvwnMV.exe
  2⤵
  PID:8440
- C:\Windows\System\LdEzrTL.exe
  C:\Windows\System\LdEzrTL.exe
  2⤵
  PID:8468
- C:\Windows\System\WDHGbaI.exe
  C:\Windows\System\WDHGbaI.exe
  2⤵
  PID:8496
- C:\Windows\System\cqfjfcL.exe
  C:\Windows\System\cqfjfcL.exe
  2⤵
  PID:8524
- C:\Windows\System\WzIDbPh.exe
  C:\Windows\System\WzIDbPh.exe
  2⤵
  PID:8552
- C:\Windows\System\wcfASLP.exe
  C:\Windows\System\wcfASLP.exe
  2⤵
  PID:8580
- C:\Windows\System\OrDTyWx.exe
  C:\Windows\System\OrDTyWx.exe
  2⤵
  PID:8608
- C:\Windows\System\MGahNSr.exe
  C:\Windows\System\MGahNSr.exe
  2⤵
  PID:8636
- C:\Windows\System\dtKYSoQ.exe
  C:\Windows\System\dtKYSoQ.exe
  2⤵
  PID:8664
- C:\Windows\System\esIfCxb.exe
  C:\Windows\System\esIfCxb.exe
  2⤵
  PID:8692
- C:\Windows\System\FqvjXPl.exe
  C:\Windows\System\FqvjXPl.exe
  2⤵
  PID:8720
- C:\Windows\System\ExYWCMo.exe
  C:\Windows\System\ExYWCMo.exe
  2⤵
  PID:8748
- C:\Windows\System\RSyIPJC.exe
  C:\Windows\System\RSyIPJC.exe
  2⤵
  PID:8776
- C:\Windows\System\rspeBbr.exe
  C:\Windows\System\rspeBbr.exe
  2⤵
  PID:8808
- C:\Windows\System\iSYUOfK.exe
  C:\Windows\System\iSYUOfK.exe
  2⤵
  PID:8840
- C:\Windows\System\YIhmber.exe
  C:\Windows\System\YIhmber.exe
  2⤵
  PID:8868
- C:\Windows\System\ZzYEGyc.exe
  C:\Windows\System\ZzYEGyc.exe
  2⤵
  PID:8896
- C:\Windows\System\jFaytxH.exe
  C:\Windows\System\jFaytxH.exe
  2⤵
  PID:8928
- C:\Windows\System\hXtZAwK.exe
  C:\Windows\System\hXtZAwK.exe
  2⤵
  PID:8952
- C:\Windows\System\xuiewGe.exe
  C:\Windows\System\xuiewGe.exe
  2⤵
  PID:8980
- C:\Windows\System\MHMjTZj.exe
  C:\Windows\System\MHMjTZj.exe
  2⤵
  PID:9008
- C:\Windows\System\wKqMYTW.exe
  C:\Windows\System\wKqMYTW.exe
  2⤵
  PID:9028
- C:\Windows\System\NaxOuAq.exe
  C:\Windows\System\NaxOuAq.exe
  2⤵
  PID:9056
- C:\Windows\System\PiWxtZp.exe
  C:\Windows\System\PiWxtZp.exe
  2⤵
  PID:9084
- C:\Windows\System\XjwWiqt.exe
  C:\Windows\System\XjwWiqt.exe
  2⤵
  PID:9112
- C:\Windows\System\uSzuTyw.exe
  C:\Windows\System\uSzuTyw.exe
  2⤵
  PID:9140
- C:\Windows\System\LnIKMLU.exe
  C:\Windows\System\LnIKMLU.exe
  2⤵
  PID:9168
- C:\Windows\System\OLraGyf.exe
  C:\Windows\System\OLraGyf.exe
  2⤵
  PID:9196
- C:\Windows\System\ALSvsSZ.exe
  C:\Windows\System\ALSvsSZ.exe
  2⤵
  PID:7968
- C:\Windows\System\lGFaiyK.exe
  C:\Windows\System\lGFaiyK.exe
  2⤵
  PID:8132
- C:\Windows\System\QecOIEh.exe
  C:\Windows\System\QecOIEh.exe
  2⤵
  PID:7088
- C:\Windows\System\SZLjmun.exe
  C:\Windows\System\SZLjmun.exe
  2⤵
  PID:7344
- C:\Windows\System\SJiThFA.exe
  C:\Windows\System\SJiThFA.exe
  2⤵
  PID:7656
- C:\Windows\System\aobJuea.exe
  C:\Windows\System\aobJuea.exe
  2⤵
  PID:8208
- C:\Windows\System\PQeWmua.exe
  C:\Windows\System\PQeWmua.exe
  2⤵
  PID:8284
- C:\Windows\System\yfvgmAD.exe
  C:\Windows\System\yfvgmAD.exe
  2⤵
  PID:8344
- C:\Windows\System\WsALpLI.exe
  C:\Windows\System\WsALpLI.exe
  2⤵
  PID:8404
- C:\Windows\System\gNElOzD.exe
  C:\Windows\System\gNElOzD.exe
  2⤵
  PID:8480
- C:\Windows\System\vEzHqau.exe
  C:\Windows\System\vEzHqau.exe
  2⤵
  PID:8540
- C:\Windows\System\dfKUQGI.exe
  C:\Windows\System\dfKUQGI.exe
  2⤵
  PID:8596
- C:\Windows\System\bOqdFAc.exe
  C:\Windows\System\bOqdFAc.exe
  2⤵
  PID:8652
- C:\Windows\System\SGfZiIY.exe
  C:\Windows\System\SGfZiIY.exe
  2⤵
  PID:8708
- C:\Windows\System\vEWGQJt.exe
  C:\Windows\System\vEWGQJt.exe
  2⤵
  PID:8768
- C:\Windows\System\NKNDvvx.exe
  C:\Windows\System\NKNDvvx.exe
  2⤵
  PID:8832
- C:\Windows\System\kENSwjL.exe
  C:\Windows\System\kENSwjL.exe
  2⤵
  PID:8912
- C:\Windows\System\uiHrbsV.exe
  C:\Windows\System\uiHrbsV.exe
  2⤵
  PID:8976
- C:\Windows\System\ifAskjy.exe
  C:\Windows\System\ifAskjy.exe
  2⤵
  PID:9024
- C:\Windows\System\XcWbZbT.exe
  C:\Windows\System\XcWbZbT.exe
  2⤵
  PID:9080
- C:\Windows\System\JUvNjtT.exe
  C:\Windows\System\JUvNjtT.exe
  2⤵
  PID:9152
- C:\Windows\System\GlXGPPT.exe
  C:\Windows\System\GlXGPPT.exe
  2⤵
  PID:7912
- C:\Windows\System\GJxYQqx.exe
  C:\Windows\System\GJxYQqx.exe
  2⤵
  PID:6332
- C:\Windows\System\WNfpICl.exe
  C:\Windows\System\WNfpICl.exe
  2⤵
  PID:2904
- C:\Windows\System\qfvVhSZ.exe
  C:\Windows\System\qfvVhSZ.exe
  2⤵
  PID:8256
- C:\Windows\System\QPEOild.exe
  C:\Windows\System\QPEOild.exe
  2⤵
  PID:8376
- C:\Windows\System\tUkTEvS.exe
  C:\Windows\System\tUkTEvS.exe
  2⤵
  PID:8516
- C:\Windows\System\eGRGjyh.exe
  C:\Windows\System\eGRGjyh.exe
  2⤵
  PID:8648
- C:\Windows\System\YWmhjqP.exe
  C:\Windows\System\YWmhjqP.exe
  2⤵
  PID:8760
- C:\Windows\System\dxaHBIQ.exe
  C:\Windows\System\dxaHBIQ.exe
  2⤵
  PID:8940
- C:\Windows\System\OXJQcDz.exe
  C:\Windows\System\OXJQcDz.exe
  2⤵
  PID:9068
- C:\Windows\System\UFTBKQA.exe
  C:\Windows\System\UFTBKQA.exe
  2⤵
  PID:9188
- C:\Windows\System\lTgwCQF.exe
  C:\Windows\System\lTgwCQF.exe
  2⤵
  PID:9236
- C:\Windows\System\wLKZjzX.exe
  C:\Windows\System\wLKZjzX.exe
  2⤵
  PID:9264
- C:\Windows\System\HhhEvbj.exe
  C:\Windows\System\HhhEvbj.exe
  2⤵
  PID:9292
- C:\Windows\System\yWubHhZ.exe
  C:\Windows\System\yWubHhZ.exe
  2⤵
  PID:9328
- C:\Windows\System\wZZGiwg.exe
  C:\Windows\System\wZZGiwg.exe
  2⤵
  PID:9356
- C:\Windows\System\IueFMel.exe
  C:\Windows\System\IueFMel.exe
  2⤵
  PID:9384
- C:\Windows\System\WDtPXKp.exe
  C:\Windows\System\WDtPXKp.exe
  2⤵
  PID:9412
- C:\Windows\System\JTSsrzv.exe
  C:\Windows\System\JTSsrzv.exe
  2⤵
  PID:9440
- C:\Windows\System\TMWvUWy.exe
  C:\Windows\System\TMWvUWy.exe
  2⤵
  PID:9460
- C:\Windows\System\wXqAbEC.exe
  C:\Windows\System\wXqAbEC.exe
  2⤵
  PID:9488
- C:\Windows\System\mhgsNyj.exe
  C:\Windows\System\mhgsNyj.exe
  2⤵
  PID:9516
- C:\Windows\System\ZdSZJzB.exe
  C:\Windows\System\ZdSZJzB.exe
  2⤵
  PID:9544
- C:\Windows\System\wHbUxcx.exe
  C:\Windows\System\wHbUxcx.exe
  2⤵
  PID:9572
- C:\Windows\System\dPuPzsS.exe
  C:\Windows\System\dPuPzsS.exe
  2⤵
  PID:9600
- C:\Windows\System\OnlFiXZ.exe
  C:\Windows\System\OnlFiXZ.exe
  2⤵
  PID:9628
- C:\Windows\System\udPnVnt.exe
  C:\Windows\System\udPnVnt.exe
  2⤵
  PID:9656
- C:\Windows\System\kTDhbBb.exe
  C:\Windows\System\kTDhbBb.exe
  2⤵
  PID:9684
- C:\Windows\System\XQICUez.exe
  C:\Windows\System\XQICUez.exe
  2⤵
  PID:9712
- C:\Windows\System\zjOLAIF.exe
  C:\Windows\System\zjOLAIF.exe
  2⤵
  PID:9740
- C:\Windows\System\vldNIvK.exe
  C:\Windows\System\vldNIvK.exe
  2⤵
  PID:9768
- C:\Windows\System\ebfgJJI.exe
  C:\Windows\System\ebfgJJI.exe
  2⤵
  PID:9796
- C:\Windows\System\oimzffj.exe
  C:\Windows\System\oimzffj.exe
  2⤵
  PID:9824
- C:\Windows\System\HXiLCLG.exe
  C:\Windows\System\HXiLCLG.exe
  2⤵
  PID:9852
- C:\Windows\System\yxWFxlc.exe
  C:\Windows\System\yxWFxlc.exe
  2⤵
  PID:9880
- C:\Windows\System\TYAUVXb.exe
  C:\Windows\System\TYAUVXb.exe
  2⤵
  PID:9908
- C:\Windows\System\mMXQcVB.exe
  C:\Windows\System\mMXQcVB.exe
  2⤵
  PID:9936
- C:\Windows\System\vDxOLug.exe
  C:\Windows\System\vDxOLug.exe
  2⤵
  PID:9976
- C:\Windows\System\hCACTtW.exe
  C:\Windows\System\hCACTtW.exe
  2⤵
  PID:9992
- C:\Windows\System\XDyYGrg.exe
  C:\Windows\System\XDyYGrg.exe
  2⤵
  PID:10020
- C:\Windows\System\CeIfOdZ.exe
  C:\Windows\System\CeIfOdZ.exe
  2⤵
  PID:10048
- C:\Windows\System\kIXMgNX.exe
  C:\Windows\System\kIXMgNX.exe
  2⤵
  PID:10076
- C:\Windows\System\HPoshMR.exe
  C:\Windows\System\HPoshMR.exe
  2⤵
  PID:10104
- C:\Windows\System\lFvdDPf.exe
  C:\Windows\System\lFvdDPf.exe
  2⤵
  PID:10132
- C:\Windows\System\gxcSEHa.exe
  C:\Windows\System\gxcSEHa.exe
  2⤵
  PID:10160
- C:\Windows\System\lhkfeOi.exe
  C:\Windows\System\lhkfeOi.exe
  2⤵
  PID:10188
- C:\Windows\System\yalFHtI.exe
  C:\Windows\System\yalFHtI.exe
  2⤵
  PID:10216
- C:\Windows\System\Vgnyeqc.exe
  C:\Windows\System\Vgnyeqc.exe
  2⤵
  PID:6780
- C:\Windows\System\JWGkvwC.exe
  C:\Windows\System\JWGkvwC.exe
  2⤵
  PID:8200
- C:\Windows\System\nooSPbv.exe
  C:\Windows\System\nooSPbv.exe
  2⤵
  PID:8568
- C:\Windows\System\mCHnCrK.exe
  C:\Windows\System\mCHnCrK.exe
  2⤵
  PID:3304
- C:\Windows\System\wXMHbat.exe
  C:\Windows\System\wXMHbat.exe
  2⤵
  PID:9132
- C:\Windows\System\BbqRqlY.exe
  C:\Windows\System\BbqRqlY.exe
  2⤵
  PID:9228
- C:\Windows\System\xisZzfh.exe
  C:\Windows\System\xisZzfh.exe
  2⤵
  PID:9280
- C:\Windows\System\PlBYGgO.exe
  C:\Windows\System\PlBYGgO.exe
  2⤵
  PID:9344
- C:\Windows\System\hWMoYgc.exe
  C:\Windows\System\hWMoYgc.exe
  2⤵
  PID:9404
- C:\Windows\System\xoEVBXi.exe
  C:\Windows\System\xoEVBXi.exe
  2⤵
  PID:9472
- C:\Windows\System\unVSyrE.exe
  C:\Windows\System\unVSyrE.exe
  2⤵
  PID:1648
- C:\Windows\System\YRQFEfX.exe
  C:\Windows\System\YRQFEfX.exe
  2⤵
  PID:9584
- C:\Windows\System\RuTFweO.exe
  C:\Windows\System\RuTFweO.exe
  2⤵
  PID:1888
- C:\Windows\System\hkQpDuk.exe
  C:\Windows\System\hkQpDuk.exe
  2⤵
  PID:2512
- C:\Windows\System\GqjVJLs.exe
  C:\Windows\System\GqjVJLs.exe
  2⤵
  PID:9724
- C:\Windows\System\wPfLtmo.exe
  C:\Windows\System\wPfLtmo.exe
  2⤵
  PID:9760
- C:\Windows\System\cwuZBBM.exe
  C:\Windows\System\cwuZBBM.exe
  2⤵
  PID:428
- C:\Windows\System\aDfxQnV.exe
  C:\Windows\System\aDfxQnV.exe
  2⤵
  PID:3180
- C:\Windows\System\khphLWE.exe
  C:\Windows\System\khphLWE.exe
  2⤵
  PID:9896
- C:\Windows\System\DqRKipG.exe
  C:\Windows\System\DqRKipG.exe
  2⤵
  PID:9968
- C:\Windows\System\hLNKQIx.exe
  C:\Windows\System\hLNKQIx.exe
  2⤵
  PID:3980
- C:\Windows\System\DFlWgkZ.exe
  C:\Windows\System\DFlWgkZ.exe
  2⤵
  PID:10032
- C:\Windows\System\hxUMDes.exe
  C:\Windows\System\hxUMDes.exe
  2⤵
  PID:10088
- C:\Windows\System\ZtKivKG.exe
  C:\Windows\System\ZtKivKG.exe
  2⤵
  PID:10148
- C:\Windows\System\EMxqoeh.exe
  C:\Windows\System\EMxqoeh.exe
  2⤵
  PID:10208
- C:\Windows\System\ZZmIpKe.exe
  C:\Windows\System\ZZmIpKe.exe
  2⤵
  PID:4228
- C:\Windows\System\JVWwvvP.exe
  C:\Windows\System\JVWwvvP.exe
  2⤵
  PID:8740
- C:\Windows\System\iFUPXzn.exe
  C:\Windows\System\iFUPXzn.exe
  2⤵
  PID:9308
- C:\Windows\System\IqKBwrV.exe
  C:\Windows\System\IqKBwrV.exe
  2⤵
  PID:9380
- C:\Windows\System\WNKcVjD.exe
  C:\Windows\System\WNKcVjD.exe
  2⤵
  PID:9508
- C:\Windows\System\ACDQCwL.exe
  C:\Windows\System\ACDQCwL.exe
  2⤵
  PID:9620
- C:\Windows\System\kswLTmQ.exe
  C:\Windows\System\kswLTmQ.exe
  2⤵
  PID:1828
- C:\Windows\System\ogmWymg.exe
  C:\Windows\System\ogmWymg.exe
  2⤵
  PID:9840
- C:\Windows\System\WtiNUqb.exe
  C:\Windows\System\WtiNUqb.exe
  2⤵
  PID:9960
- C:\Windows\System\TtpbSbp.exe
  C:\Windows\System\TtpbSbp.exe
  2⤵
  PID:1608
- C:\Windows\System\UcUtbIg.exe
  C:\Windows\System\UcUtbIg.exe
  2⤵
  PID:10180
- C:\Windows\System\xSdrPZD.exe
  C:\Windows\System\xSdrPZD.exe
  2⤵
  PID:1072
- C:\Windows\System\zxUBpaw.exe
  C:\Windows\System\zxUBpaw.exe
  2⤵
  PID:9436
- C:\Windows\System\qnxSFQP.exe
  C:\Windows\System\qnxSFQP.exe
  2⤵
  PID:4816
- C:\Windows\System\fKjhxEL.exe
  C:\Windows\System\fKjhxEL.exe
  2⤵
  PID:10244
- C:\Windows\System\eZCJAnU.exe
  C:\Windows\System\eZCJAnU.exe
  2⤵
  PID:10272
- C:\Windows\System\wlfeHoZ.exe
  C:\Windows\System\wlfeHoZ.exe
  2⤵
  PID:10300
- C:\Windows\System\IzEnUaF.exe
  C:\Windows\System\IzEnUaF.exe
  2⤵
  PID:10328
- C:\Windows\System\mQadZHo.exe
  C:\Windows\System\mQadZHo.exe
  2⤵
  PID:10356
- C:\Windows\System\rNyFKOg.exe
  C:\Windows\System\rNyFKOg.exe
  2⤵
  PID:10384
- C:\Windows\System\VvivPHt.exe
  C:\Windows\System\VvivPHt.exe
  2⤵
  PID:10424
- C:\Windows\System\nRUjNYq.exe
  C:\Windows\System\nRUjNYq.exe
  2⤵
  PID:10452
- C:\Windows\System\fVXTwQd.exe
  C:\Windows\System\fVXTwQd.exe
  2⤵
  PID:10468
- C:\Windows\System\enehxTW.exe
  C:\Windows\System\enehxTW.exe
  2⤵
  PID:10496
- C:\Windows\System\VIrbDpP.exe
  C:\Windows\System\VIrbDpP.exe
  2⤵
  PID:10524
- C:\Windows\System\hWFEGzF.exe
  C:\Windows\System\hWFEGzF.exe
  2⤵
  PID:10552
- C:\Windows\System\jYCBffc.exe
  C:\Windows\System\jYCBffc.exe
  2⤵
  PID:10580
- C:\Windows\System\qPFpqxu.exe
  C:\Windows\System\qPFpqxu.exe
  2⤵
  PID:10608
- C:\Windows\System\XBEgvNe.exe
  C:\Windows\System\XBEgvNe.exe
  2⤵
  PID:10636
- C:\Windows\System\sQkYpqL.exe
  C:\Windows\System\sQkYpqL.exe
  2⤵
  PID:10664
- C:\Windows\System\UEUiMlT.exe
  C:\Windows\System\UEUiMlT.exe
  2⤵
  PID:10692
- C:\Windows\System\OwwHjiK.exe
  C:\Windows\System\OwwHjiK.exe
  2⤵
  PID:10720
- C:\Windows\System\KkDbMPL.exe
  C:\Windows\System\KkDbMPL.exe
  2⤵
  PID:10748
- C:\Windows\System\iAIOuCd.exe
  C:\Windows\System\iAIOuCd.exe
  2⤵
  PID:10776
- C:\Windows\System\XbMLtZO.exe
  C:\Windows\System\XbMLtZO.exe
  2⤵
  PID:10804
- C:\Windows\System\rtBzMHk.exe
  C:\Windows\System\rtBzMHk.exe
  2⤵
  PID:10832
- C:\Windows\System\tFWLjrV.exe
  C:\Windows\System\tFWLjrV.exe
  2⤵
  PID:10860
- C:\Windows\System\iZDOxCC.exe
  C:\Windows\System\iZDOxCC.exe
  2⤵
  PID:10888
- C:\Windows\System\exYDPIF.exe
  C:\Windows\System\exYDPIF.exe
  2⤵
  PID:10916
- C:\Windows\System\LrdmwlV.exe
  C:\Windows\System\LrdmwlV.exe
  2⤵
  PID:10944
- C:\Windows\System\pPmiWuh.exe
  C:\Windows\System\pPmiWuh.exe
  2⤵
  PID:10972
- C:\Windows\System\spTCjUf.exe
  C:\Windows\System\spTCjUf.exe
  2⤵
  PID:11000
- C:\Windows\System\pdDvDvi.exe
  C:\Windows\System\pdDvDvi.exe
  2⤵
  PID:11028
- C:\Windows\System\GBKzfuS.exe
  C:\Windows\System\GBKzfuS.exe
  2⤵
  PID:11056
- C:\Windows\System\GpMriVe.exe
  C:\Windows\System\GpMriVe.exe
  2⤵
  PID:11084
- C:\Windows\System\OkxUhDu.exe
  C:\Windows\System\OkxUhDu.exe
  2⤵
  PID:11112
- C:\Windows\System\NVFXXBw.exe
  C:\Windows\System\NVFXXBw.exe
  2⤵
  PID:11140
- C:\Windows\System\naqDcCO.exe
  C:\Windows\System\naqDcCO.exe
  2⤵
  PID:11168
- C:\Windows\System\IVXvKzt.exe
  C:\Windows\System\IVXvKzt.exe
  2⤵
  PID:11196
- C:\Windows\System\qMuFDoB.exe
  C:\Windows\System\qMuFDoB.exe
  2⤵
  PID:11224
- C:\Windows\System\VhjfSlb.exe
  C:\Windows\System\VhjfSlb.exe
  2⤵
  PID:11252
- C:\Windows\System\mVLeegl.exe
  C:\Windows\System\mVLeegl.exe
  2⤵
  PID:10012
- C:\Windows\System\TOkoiml.exe
  C:\Windows\System\TOkoiml.exe
  2⤵
  PID:9276
- C:\Windows\System\pyfgzNH.exe
  C:\Windows\System\pyfgzNH.exe
  2⤵
  PID:9808
- C:\Windows\System\SESzAFl.exe
  C:\Windows\System\SESzAFl.exe
  2⤵
  PID:10292
- C:\Windows\System\pUonnwa.exe
  C:\Windows\System\pUonnwa.exe
  2⤵
  PID:10368
- C:\Windows\System\qjxjczf.exe
  C:\Windows\System\qjxjczf.exe
  2⤵
  PID:10444
- C:\Windows\System\CbauRiH.exe
  C:\Windows\System\CbauRiH.exe
  2⤵
  PID:10512
- C:\Windows\System\GsblUhY.exe
  C:\Windows\System\GsblUhY.exe
  2⤵
  PID:10544
- C:\Windows\System\lZpamGo.exe
  C:\Windows\System\lZpamGo.exe
  2⤵
  PID:10620
- C:\Windows\System\RWiLCpf.exe
  C:\Windows\System\RWiLCpf.exe
  2⤵
  PID:10680
- C:\Windows\System\seXqfmk.exe
  C:\Windows\System\seXqfmk.exe
  2⤵
  PID:10736
- C:\Windows\System\UuoSeiG.exe
  C:\Windows\System\UuoSeiG.exe
  2⤵
  PID:10796
- C:\Windows\System\WCRkUsJ.exe
  C:\Windows\System\WCRkUsJ.exe
  2⤵
  PID:10876
- C:\Windows\System\emLncRX.exe
  C:\Windows\System\emLncRX.exe
  2⤵
  PID:10936
- C:\Windows\System\lFrGNCL.exe
  C:\Windows\System\lFrGNCL.exe
  2⤵
  PID:10992
- C:\Windows\System\fKMTlBw.exe
  C:\Windows\System\fKMTlBw.exe
  2⤵
  PID:11076
- C:\Windows\System\wXpMFRH.exe
  C:\Windows\System\wXpMFRH.exe
  2⤵
  PID:11132
- C:\Windows\System\LeurESo.exe
  C:\Windows\System\LeurESo.exe
  2⤵
  PID:11160
- C:\Windows\System\XQgJpbJ.exe
  C:\Windows\System\XQgJpbJ.exe
  2⤵
  PID:11240
- C:\Windows\System\yxAKbfD.exe
  C:\Windows\System\yxAKbfD.exe
  2⤵
  PID:10236
- C:\Windows\System\gbvTimm.exe
  C:\Windows\System\gbvTimm.exe
  2⤵
  PID:3424
- C:\Windows\System\AXjtzys.exe
  C:\Windows\System\AXjtzys.exe
  2⤵
  PID:10340
- C:\Windows\System\oyLKDgV.exe
  C:\Windows\System\oyLKDgV.exe
  2⤵
  PID:10488
- C:\Windows\System\qdxgpsb.exe
  C:\Windows\System\qdxgpsb.exe
  2⤵
  PID:10792
- C:\Windows\System\MrhKBYj.exe
  C:\Windows\System\MrhKBYj.exe
  2⤵
  PID:10932
- C:\Windows\System\VEegnDP.exe
  C:\Windows\System\VEegnDP.exe
  2⤵
  PID:11104
- C:\Windows\System\AhZSJwF.exe
  C:\Windows\System\AhZSJwF.exe
  2⤵
  PID:2140
- C:\Windows\System\umSLzRQ.exe
  C:\Windows\System\umSLzRQ.exe
  2⤵
  PID:11212
- C:\Windows\System\bsOvsgN.exe
  C:\Windows\System\bsOvsgN.exe
  2⤵
  PID:3412
- C:\Windows\System\EdAcaIX.exe
  C:\Windows\System\EdAcaIX.exe
  2⤵
  PID:4176
- C:\Windows\System\uRNEseR.exe
  C:\Windows\System\uRNEseR.exe
  2⤵
  PID:2836
- C:\Windows\System\lklIFaB.exe
  C:\Windows\System\lklIFaB.exe
  2⤵
  PID:3800
- C:\Windows\System\XeqAnSZ.exe
  C:\Windows\System\XeqAnSZ.exe
  2⤵
  PID:512
- C:\Windows\System\jrMknvk.exe
  C:\Windows\System\jrMknvk.exe
  2⤵
  PID:10912
- C:\Windows\System\BTlMMVQ.exe
  C:\Windows\System\BTlMMVQ.exe
  2⤵
  PID:4912
- C:\Windows\System\fnOkmRX.exe
  C:\Windows\System\fnOkmRX.exe
  2⤵
  PID:1056
- C:\Windows\System\BnAjtSd.exe
  C:\Windows\System\BnAjtSd.exe
  2⤵
  PID:1128
- C:\Windows\System\TlFLePa.exe
  C:\Windows\System\TlFLePa.exe
  2⤵
  PID:4508
- C:\Windows\System\vXtQJbQ.exe
  C:\Windows\System\vXtQJbQ.exe
  2⤵
  PID:4076
- C:\Windows\System\JsZuhLC.exe
  C:\Windows\System\JsZuhLC.exe
  2⤵
  PID:1820
- C:\Windows\System\qgUQlcK.exe
  C:\Windows\System\qgUQlcK.exe
  2⤵
  PID:3056
- C:\Windows\System\ePQSYkg.exe
  C:\Windows\System\ePQSYkg.exe
  2⤵
  PID:11316
- C:\Windows\System\ANEmTIs.exe
  C:\Windows\System\ANEmTIs.exe
  2⤵
  PID:11348
- C:\Windows\System\cYqCQqQ.exe
  C:\Windows\System\cYqCQqQ.exe
  2⤵
  PID:11380
- C:\Windows\System\XgVAAvB.exe
  C:\Windows\System\XgVAAvB.exe
  2⤵
  PID:11412
- C:\Windows\System\zxPOgaE.exe
  C:\Windows\System\zxPOgaE.exe
  2⤵
  PID:11440
- C:\Windows\System\YdPOLMq.exe
  C:\Windows\System\YdPOLMq.exe
  2⤵
  PID:11460
- C:\Windows\System\lYLjJLD.exe
  C:\Windows\System\lYLjJLD.exe
  2⤵
  PID:11496
- C:\Windows\System\NfZUwkE.exe
  C:\Windows\System\NfZUwkE.exe
  2⤵
  PID:11524
- C:\Windows\System\xRcxyFY.exe
  C:\Windows\System\xRcxyFY.exe
  2⤵
  PID:11552
- C:\Windows\System\dVaWZfu.exe
  C:\Windows\System\dVaWZfu.exe
  2⤵
  PID:11580
- C:\Windows\System\CLBwGrd.exe
  C:\Windows\System\CLBwGrd.exe
  2⤵
  PID:11608
- C:\Windows\System\zCibOCE.exe
  C:\Windows\System\zCibOCE.exe
  2⤵
  PID:11640
- C:\Windows\System\dhkjgQM.exe
  C:\Windows\System\dhkjgQM.exe
  2⤵
  PID:11668
- C:\Windows\System\GQLseZf.exe
  C:\Windows\System\GQLseZf.exe
  2⤵
  PID:11692
- C:\Windows\System\CNSAdqI.exe
  C:\Windows\System\CNSAdqI.exe
  2⤵
  PID:11720
- C:\Windows\System\ZZdZjBC.exe
  C:\Windows\System\ZZdZjBC.exe
  2⤵
  PID:11756
- C:\Windows\System\tkFWKzq.exe
  C:\Windows\System\tkFWKzq.exe
  2⤵
  PID:11804
- C:\Windows\System\FqxgjUU.exe
  C:\Windows\System\FqxgjUU.exe
  2⤵
  PID:11824
- C:\Windows\System\ksDJeWJ.exe
  C:\Windows\System\ksDJeWJ.exe
  2⤵
  PID:11884
- C:\Windows\System\HmbEQFl.exe
  C:\Windows\System\HmbEQFl.exe
  2⤵
  PID:11912
- C:\Windows\System\cEXdmnT.exe
  C:\Windows\System\cEXdmnT.exe
  2⤵
  PID:11940
- C:\Windows\System\LmkbvuT.exe
  C:\Windows\System\LmkbvuT.exe
  2⤵
  PID:11984
- C:\Windows\System\lYBDtBc.exe
  C:\Windows\System\lYBDtBc.exe
  2⤵
  PID:12052
- C:\Windows\System\IvYvCXg.exe
  C:\Windows\System\IvYvCXg.exe
  2⤵
  PID:12072
- C:\Windows\System\ooLoTFj.exe
  C:\Windows\System\ooLoTFj.exe
  2⤵
  PID:12100
- C:\Windows\System\jaNsOCF.exe
  C:\Windows\System\jaNsOCF.exe
  2⤵
  PID:12128
- C:\Windows\System\hjaGBoZ.exe
  C:\Windows\System\hjaGBoZ.exe
  2⤵
  PID:12156
- C:\Windows\System\uwOaRVz.exe
  C:\Windows\System\uwOaRVz.exe
  2⤵
  PID:12184
- C:\Windows\System\iRAIDbw.exe
  C:\Windows\System\iRAIDbw.exe
  2⤵
  PID:12212
- C:\Windows\System\VrxVNiS.exe
  C:\Windows\System\VrxVNiS.exe
  2⤵
  PID:12240
- C:\Windows\System\ktIMbRp.exe
  C:\Windows\System\ktIMbRp.exe
  2⤵
  PID:12268
- C:\Windows\System\RJrhTtL.exe
  C:\Windows\System\RJrhTtL.exe
  2⤵
  PID:11276
- C:\Windows\System\igLptRC.exe
  C:\Windows\System\igLptRC.exe
  2⤵
  PID:11328
- C:\Windows\System\pnqtERO.exe
  C:\Windows\System\pnqtERO.exe
  2⤵
  PID:11392
- C:\Windows\System\kZYVbDT.exe
  C:\Windows\System\kZYVbDT.exe
  2⤵
  PID:11468
- C:\Windows\System\itEvGQv.exe
  C:\Windows\System\itEvGQv.exe
  2⤵
  PID:11544
- C:\Windows\System\Llymmks.exe
  C:\Windows\System\Llymmks.exe
  2⤵
  PID:11652
- C:\Windows\System\yDbBRSy.exe
  C:\Windows\System\yDbBRSy.exe
  2⤵
  PID:4768
- C:\Windows\System\eybogYr.exe
  C:\Windows\System\eybogYr.exe
  2⤵
  PID:11816
- C:\Windows\System\FeCCYsO.exe
  C:\Windows\System\FeCCYsO.exe
  2⤵
  PID:11924
- C:\Windows\System\qEiQETO.exe
  C:\Windows\System\qEiQETO.exe
  2⤵
  PID:3428
- C:\Windows\System\VSRvpkN.exe
  C:\Windows\System\VSRvpkN.exe
  2⤵
  PID:12112
- C:\Windows\System\RfaBdwh.exe
  C:\Windows\System\RfaBdwh.exe
  2⤵
  PID:2092
- C:\Windows\System\BKYoeRe.exe
  C:\Windows\System\BKYoeRe.exe
  2⤵
  PID:12232
- C:\Windows\System\KWCooKp.exe
  C:\Windows\System\KWCooKp.exe
  2⤵
  PID:1864
- C:\Windows\System\SQzATRk.exe
  C:\Windows\System\SQzATRk.exe
  2⤵
  PID:11376
- C:\Windows\System\rvuUTJs.exe
  C:\Windows\System\rvuUTJs.exe
  2⤵
  PID:11576
- C:\Windows\System\nurwJoX.exe
  C:\Windows\System\nurwJoX.exe
  2⤵
  PID:11740
- C:\Windows\System\dXjrKer.exe
  C:\Windows\System\dXjrKer.exe
  2⤵
  PID:3512
- C:\Windows\System\FDRyBvY.exe
  C:\Windows\System\FDRyBvY.exe
  2⤵
  PID:12096
- C:\Windows\System\hEvpoDe.exe
  C:\Windows\System\hEvpoDe.exe
  2⤵
  PID:12224
- C:\Windows\System\KehuBmn.exe
  C:\Windows\System\KehuBmn.exe
  2⤵
  PID:11372
- C:\Windows\System\BjECrcZ.exe
  C:\Windows\System\BjECrcZ.exe
  2⤵
  PID:2428
- C:\Windows\System\VdAQrxo.exe
  C:\Windows\System\VdAQrxo.exe
  2⤵
  PID:4304
- C:\Windows\System\OHsISQP.exe
  C:\Windows\System\OHsISQP.exe
  2⤵
  PID:12292
- C:\Windows\System\DFoqHrx.exe
  C:\Windows\System\DFoqHrx.exe
  2⤵
  PID:12324
- C:\Windows\System\SHmDEkh.exe
  C:\Windows\System\SHmDEkh.exe
  2⤵
  PID:12352
- C:\Windows\System\eRdvbEx.exe
  C:\Windows\System\eRdvbEx.exe
  2⤵
  PID:12376
- C:\Windows\System\QnEgrWp.exe
  C:\Windows\System\QnEgrWp.exe
  2⤵
  PID:12424
- C:\Windows\System\rfqqCUi.exe
  C:\Windows\System\rfqqCUi.exe
  2⤵
  PID:12440
- C:\Windows\System\aEKpkNB.exe
  C:\Windows\System\aEKpkNB.exe
  2⤵
  PID:12476
- C:\Windows\System\iebrSrm.exe
  C:\Windows\System\iebrSrm.exe
  2⤵
  PID:12504
- C:\Windows\System\LzMooBN.exe
  C:\Windows\System\LzMooBN.exe
  2⤵
  PID:12532
- C:\Windows\System\CLxffiZ.exe
  C:\Windows\System\CLxffiZ.exe
  2⤵
  PID:12560
- C:\Windows\System\EZdllgw.exe
  C:\Windows\System\EZdllgw.exe
  2⤵
  PID:12588
- C:\Windows\System\iaLmWML.exe
  C:\Windows\System\iaLmWML.exe
  2⤵
  PID:12616
- C:\Windows\System\lqxUuqQ.exe
  C:\Windows\System\lqxUuqQ.exe
  2⤵
  PID:12644
- C:\Windows\System\ftyRKzZ.exe
  C:\Windows\System\ftyRKzZ.exe
  2⤵
  PID:12672
- C:\Windows\System\NotMHZk.exe
  C:\Windows\System\NotMHZk.exe
  2⤵
  PID:12700
- C:\Windows\System\HwzOHWf.exe
  C:\Windows\System\HwzOHWf.exe
  2⤵
  PID:12728
- C:\Windows\System\uRfhicT.exe
  C:\Windows\System\uRfhicT.exe
  2⤵
  PID:12756
- C:\Windows\System\TIeYzdQ.exe
  C:\Windows\System\TIeYzdQ.exe
  2⤵
  PID:12784
- C:\Windows\System\HVdUahy.exe
  C:\Windows\System\HVdUahy.exe
  2⤵
  PID:12816
- C:\Windows\System\ytgCZjB.exe
  C:\Windows\System\ytgCZjB.exe
  2⤵
  PID:12868
- C:\Windows\System\EWYYsCl.exe
  C:\Windows\System\EWYYsCl.exe
  2⤵
  PID:12908
- C:\Windows\System\uSPiFug.exe
  C:\Windows\System\uSPiFug.exe
  2⤵
  PID:12936
- C:\Windows\System\aaYjcGv.exe
  C:\Windows\System\aaYjcGv.exe
  2⤵
  PID:12952
- C:\Windows\System\BFhqHSK.exe
  C:\Windows\System\BFhqHSK.exe
  2⤵
  PID:12996
- C:\Windows\System\GkJDruj.exe
  C:\Windows\System\GkJDruj.exe
  2⤵
  PID:13044
- C:\Windows\System\FSevElW.exe
  C:\Windows\System\FSevElW.exe
  2⤵
  PID:13100
- C:\Windows\System\qjyKPbf.exe
  C:\Windows\System\qjyKPbf.exe
  2⤵
  PID:13124
- C:\Windows\System\TEZBews.exe
  C:\Windows\System\TEZBews.exe
  2⤵
  PID:13160
- C:\Windows\System\AVCSQca.exe
  C:\Windows\System\AVCSQca.exe
  2⤵
  PID:13196
- C:\Windows\System\iTYSBzK.exe
  C:\Windows\System\iTYSBzK.exe
  2⤵
  PID:13224
- C:\Windows\System\lVlSpHA.exe
  C:\Windows\System\lVlSpHA.exe
  2⤵
  PID:13256
- C:\Windows\System\cLrpNwA.exe
  C:\Windows\System\cLrpNwA.exe
  2⤵
  PID:13288
- C:\Windows\System\rEAIgPr.exe
  C:\Windows\System\rEAIgPr.exe
  2⤵
  PID:11676
- C:\Windows\System\fjzXCSe.exe
  C:\Windows\System\fjzXCSe.exe
  2⤵
  PID:12364
- C:\Windows\System\LSbKQNj.exe
  C:\Windows\System\LSbKQNj.exe
  2⤵
  PID:4824
- C:\Windows\System\XuIdKos.exe
  C:\Windows\System\XuIdKos.exe
  2⤵
  PID:12404
- C:\Windows\System\RgoHNUh.exe
  C:\Windows\System\RgoHNUh.exe
  2⤵
  PID:12468
- C:\Windows\System\kcbFEkR.exe
  C:\Windows\System\kcbFEkR.exe
  2⤵
  PID:12528
- C:\Windows\System\HJJUczp.exe
  C:\Windows\System\HJJUczp.exe
  2⤵
  PID:12612
- C:\Windows\System\EESoMWY.exe
  C:\Windows\System\EESoMWY.exe
  2⤵
  PID:12692
- C:\Windows\System\FrBxWCC.exe
  C:\Windows\System\FrBxWCC.exe
  2⤵
  PID:12752
- C:\Windows\System\VbKTyUe.exe
  C:\Windows\System\VbKTyUe.exe
  2⤵
  PID:12860
- C:\Windows\System\FizxUev.exe
  C:\Windows\System\FizxUev.exe
  2⤵
  PID:12972
- C:\Windows\System\FEZWJOC.exe
  C:\Windows\System\FEZWJOC.exe
  2⤵
  PID:13120
- C:\Windows\System\xnaLCvn.exe
  C:\Windows\System\xnaLCvn.exe
  2⤵
  PID:13208
- C:\Windows\System\infXMPG.exe
  C:\Windows\System\infXMPG.exe
  2⤵
  PID:11628
- C:\Windows\System\djPwmrJ.exe
  C:\Windows\System\djPwmrJ.exe
  2⤵
  PID:13272
- C:\Windows\System\PUMGsep.exe
  C:\Windows\System\PUMGsep.exe
  2⤵
  PID:13300
- C:\Windows\System\NfqSbeD.exe
  C:\Windows\System\NfqSbeD.exe
  2⤵
  PID:12452
- C:\Windows\System\SgooyrE.exe
  C:\Windows\System\SgooyrE.exe
  2⤵
  PID:12600
- C:\Windows\System\YnJyEWT.exe
  C:\Windows\System\YnJyEWT.exe
  2⤵
  PID:12748
- C:\Windows\System\asdrxXe.exe
  C:\Windows\System\asdrxXe.exe
  2⤵
  PID:12920
- C:\Windows\System\pcJaGKi.exe
  C:\Windows\System\pcJaGKi.exe
  2⤵
  PID:13248
- C:\Windows\System\KRNwkVT.exe
  C:\Windows\System\KRNwkVT.exe
  2⤵
  PID:4520
- C:\Windows\System\lkyGALO.exe
  C:\Windows\System\lkyGALO.exe
  2⤵
  PID:12668
- C:\Windows\System\JYMyFeo.exe
  C:\Windows\System\JYMyFeo.exe
  2⤵
  PID:11784
- C:\Windows\System\yITVpZi.exe
  C:\Windows\System\yITVpZi.exe
  2⤵
  PID:13240
- C:\Windows\System\rjHxQTv.exe
  C:\Windows\System\rjHxQTv.exe
  2⤵
  PID:13324
- C:\Windows\System\QNwQerZ.exe
  C:\Windows\System\QNwQerZ.exe
  2⤵
  PID:13356
- C:\Windows\System\AVowTPN.exe
  C:\Windows\System\AVowTPN.exe
  2⤵
  PID:13380
- C:\Windows\System\ZLFRLYq.exe
  C:\Windows\System\ZLFRLYq.exe
  2⤵
  PID:13404
- C:\Windows\System\UhMvmLH.exe
  C:\Windows\System\UhMvmLH.exe
  2⤵
  PID:13424
- C:\Windows\System\yzFSzki.exe
  C:\Windows\System\yzFSzki.exe
  2⤵
  PID:13444
- C:\Windows\System\cPNHkhL.exe
  C:\Windows\System\cPNHkhL.exe
  2⤵
  PID:13460
- C:\Windows\System\WjOujPm.exe
  C:\Windows\System\WjOujPm.exe
  2⤵
  PID:13484
- C:\Windows\System\tawkeAx.exe
  C:\Windows\System\tawkeAx.exe
  2⤵
  PID:13516
- C:\Windows\System\xnnApAg.exe
  C:\Windows\System\xnnApAg.exe
  2⤵
  PID:13544
- C:\Windows\System\SfevGCi.exe
  C:\Windows\System\SfevGCi.exe
  2⤵
  PID:13564
- C:\Windows\System\OSegmAn.exe
  C:\Windows\System\OSegmAn.exe
  2⤵
  PID:13600
- C:\Windows\System\XDjfcIV.exe
  C:\Windows\System\XDjfcIV.exe
  2⤵
  PID:13640
- C:\Windows\System\mGwjVEM.exe
  C:\Windows\System\mGwjVEM.exe
  2⤵
  PID:13688
- C:\Windows\System\izWpWXc.exe
  C:\Windows\System\izWpWXc.exe
  2⤵
  PID:13720
- C:\Windows\System\jHDDUCV.exe
  C:\Windows\System\jHDDUCV.exe
  2⤵
  PID:13776
- C:\Windows\System\jFLxUlf.exe
  C:\Windows\System\jFLxUlf.exe
  2⤵
  PID:13796
- C:\Windows\System\ZvNhSvu.exe
  C:\Windows\System\ZvNhSvu.exe
  2⤵
  PID:13820
- C:\Windows\System\YApPlSb.exe
  C:\Windows\System\YApPlSb.exe
  2⤵
  PID:13840
- C:\Windows\System\aixGPLH.exe
  C:\Windows\System\aixGPLH.exe
  2⤵
  PID:13876
- C:\Windows\System\CJzUkYz.exe
  C:\Windows\System\CJzUkYz.exe
  2⤵
  PID:13904
- C:\Windows\System\fQENAQh.exe
  C:\Windows\System\fQENAQh.exe
  2⤵
  PID:13936
- C:\Windows\System\DCpBpHA.exe
  C:\Windows\System\DCpBpHA.exe
  2⤵
  PID:13976
- C:\Windows\System\GSysfbw.exe
  C:\Windows\System\GSysfbw.exe
  2⤵
  PID:14004
- C:\Windows\System\vWCHkSQ.exe
  C:\Windows\System\vWCHkSQ.exe
  2⤵
  PID:14036
- C:\Windows\System\oVaISHB.exe
  C:\Windows\System\oVaISHB.exe
  2⤵
  PID:14064
- C:\Windows\System\mRPwCVN.exe
  C:\Windows\System\mRPwCVN.exe
  2⤵
  PID:14088
- C:\Windows\System\yAEXIuI.exe
  C:\Windows\System\yAEXIuI.exe
  2⤵
  PID:14108
- C:\Windows\System\oRzxNHG.exe
  C:\Windows\System\oRzxNHG.exe
  2⤵
  PID:14148
- C:\Windows\System\UFRTvYm.exe
  C:\Windows\System\UFRTvYm.exe
  2⤵
  PID:14176
- C:\Windows\System\wRZLePN.exe
  C:\Windows\System\wRZLePN.exe
  2⤵
  PID:14196
- C:\Windows\System\dMsiONs.exe
  C:\Windows\System\dMsiONs.exe
  2⤵
  PID:14228
- C:\Windows\System\tWNsEQm.exe
  C:\Windows\System\tWNsEQm.exe
  2⤵
  PID:14268
- C:\Windows\System\aGnARtK.exe
  C:\Windows\System\aGnARtK.exe
  2⤵
  PID:14296
- C:\Windows\System\ALUTyxm.exe
  C:\Windows\System\ALUTyxm.exe
  2⤵
  PID:14316
- C:\Windows\System\YUgrtxv.exe
  C:\Windows\System\YUgrtxv.exe
  2⤵
  PID:13368
- C:\Windows\System\LQsRXDZ.exe
  C:\Windows\System\LQsRXDZ.exe
  2⤵
  PID:13416
- C:\Windows\System\uFBWWfF.exe
  C:\Windows\System\uFBWWfF.exe
  2⤵
  PID:13476
- C:\Windows\System\CSBpyqM.exe
  C:\Windows\System\CSBpyqM.exe
  2⤵
  PID:13672
- C:\Windows\System\Rsmmszc.exe
  C:\Windows\System\Rsmmszc.exe
  2⤵
  PID:13652
- C:\Windows\System\jhjWHpH.exe
  C:\Windows\System\jhjWHpH.exe
  2⤵
  PID:13760
- C:\Windows\System\hIigJkQ.exe
  C:\Windows\System\hIigJkQ.exe
  2⤵
  PID:13816
- C:\Windows\System\yuifBBQ.exe
  C:\Windows\System\yuifBBQ.exe
  2⤵
  PID:13856
- C:\Windows\System\VEnEgvw.exe
  C:\Windows\System\VEnEgvw.exe
  2⤵
  PID:3968
- C:\Windows\System\OpZmcZM.exe
  C:\Windows\System\OpZmcZM.exe
  2⤵
  PID:1936
- C:\Windows\System\dnczXjV.exe
  C:\Windows\System\dnczXjV.exe
  2⤵
  PID:14000
- C:\Windows\System\AFMxlme.exe
  C:\Windows\System\AFMxlme.exe
  2⤵
  PID:14076
- C:\Windows\System\soCDKtm.exe
  C:\Windows\System\soCDKtm.exe
  2⤵
  PID:14120
- C:\Windows\System\TkPlgek.exe
  C:\Windows\System\TkPlgek.exe
  2⤵
  PID:14172
- C:\Windows\System\vYGdECt.exe
  C:\Windows\System\vYGdECt.exe
  2⤵
  PID:14264
- C:\Windows\System\vpLPXNT.exe
  C:\Windows\System\vpLPXNT.exe
  2⤵
  PID:14324
- C:\Windows\System\OiusxwO.exe
  C:\Windows\System\OiusxwO.exe
  2⤵
  PID:13420
- C:\Windows\System\sWVoKHn.exe
  C:\Windows\System\sWVoKHn.exe
  2⤵
  PID:13032
- C:\Windows\System\kLBBBqR.exe
  C:\Windows\System\kLBBBqR.exe
  2⤵
  PID:13792
- C:\Windows\System\RanGWKo.exe
  C:\Windows\System\RanGWKo.exe
  2⤵
  PID:13892
- C:\Windows\System\WEhRbWV.exe
  C:\Windows\System\WEhRbWV.exe
  2⤵
  PID:14096
- C:\Windows\System\TjMcWqF.exe
  C:\Windows\System\TjMcWqF.exe
  2⤵
  PID:14304
- C:\Windows\System\UtMgBrB.exe
  C:\Windows\System\UtMgBrB.exe
  2⤵
  PID:13988
- C:\Windows\System\iyZnnwl.exe
  C:\Windows\System\iyZnnwl.exe
  2⤵
  PID:14344
- C:\Windows\System\xbKjxnb.exe
  C:\Windows\System\xbKjxnb.exe
  2⤵
  PID:14376
- C:\Windows\System\RFRYOoS.exe
  C:\Windows\System\RFRYOoS.exe
  2⤵
  PID:14404
- C:\Windows\System\tIlbyDK.exe
  C:\Windows\System\tIlbyDK.exe
  2⤵
  PID:14420
- C:\Windows\System\wvqqmra.exe
  C:\Windows\System\wvqqmra.exe
  2⤵
  PID:14448
- C:\Windows\System\UyIHova.exe
  C:\Windows\System\UyIHova.exe
  2⤵
  PID:14476
- C:\Windows\System\XGYuyLe.exe
  C:\Windows\System\XGYuyLe.exe
  2⤵
  PID:14516
- C:\Windows\System\RYQmSXh.exe
  C:\Windows\System\RYQmSXh.exe
  2⤵
  PID:14536
- C:\Windows\System\iMwrlyj.exe
  C:\Windows\System\iMwrlyj.exe
  2⤵
  PID:14564
- C:\Windows\System\iZxNVmv.exe
  C:\Windows\System\iZxNVmv.exe
  2⤵
  PID:14592
- C:\Windows\System\hvOoQqc.exe
  C:\Windows\System\hvOoQqc.exe
  2⤵
  PID:14636
- C:\Windows\System\PyziVED.exe
  C:\Windows\System\PyziVED.exe
  2⤵
  PID:14672
- C:\Windows\System\ELfVplF.exe
  C:\Windows\System\ELfVplF.exe
  2⤵
  PID:14700
- C:\Windows\System\kXrgxwA.exe
  C:\Windows\System\kXrgxwA.exe
  2⤵
  PID:14728
- C:\Windows\System\OFBonFF.exe
  C:\Windows\System\OFBonFF.exe
  2⤵
  PID:14756
- C:\Windows\System\WMAtveg.exe
  C:\Windows\System\WMAtveg.exe
  2⤵
  PID:14784
- C:\Windows\System\oRtrDqi.exe
  C:\Windows\System\oRtrDqi.exe
  2⤵
  PID:14812
- C:\Windows\System\ZSfWQBs.exe
  C:\Windows\System\ZSfWQBs.exe
  2⤵
  PID:14840
- C:\Windows\System\doIwSCp.exe
  C:\Windows\System\doIwSCp.exe
  2⤵
  PID:14868
- C:\Windows\System\WtnUoqa.exe
  C:\Windows\System\WtnUoqa.exe
  2⤵
  PID:14896
- C:\Windows\System\PCruNre.exe
  C:\Windows\System\PCruNre.exe
  2⤵
  PID:14928
- C:\Windows\System\tTRMEcM.exe
  C:\Windows\System\tTRMEcM.exe
  2⤵
  PID:14960
- C:\Windows\System\BsTiPcO.exe
  C:\Windows\System\BsTiPcO.exe
  2⤵
  PID:14988
- C:\Windows\System\kZoWZDx.exe
  C:\Windows\System\kZoWZDx.exe
  2⤵
  PID:15016
- C:\Windows\System\LxzSdGB.exe
  C:\Windows\System\LxzSdGB.exe
  2⤵
  PID:15044
- C:\Windows\System\PRYyXLj.exe
  C:\Windows\System\PRYyXLj.exe
  2⤵
  PID:15072
- C:\Windows\System\XqfILAj.exe
  C:\Windows\System\XqfILAj.exe
  2⤵
  PID:15100
- C:\Windows\System\ujpKooR.exe
  C:\Windows\System\ujpKooR.exe
  2⤵
  PID:15128
- C:\Windows\System\vtVmqaw.exe
  C:\Windows\System\vtVmqaw.exe
  2⤵
  PID:15156
- C:\Windows\System\MfEreEr.exe
  C:\Windows\System\MfEreEr.exe
  2⤵
  PID:15184
- C:\Windows\System\zzehsLT.exe
  C:\Windows\System\zzehsLT.exe
  2⤵
  PID:15220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFjhVnc.exe

Filesize
6.1MB

MD5
46666ebf48f7f87c80d4825c7426d98c

SHA1
01a3b128315e6bf57615e68f7bc8c80dc2972a59

SHA256
c13b57a76daccfb0abe92972e454af5267b2cfbb3b4d1266283b2d7ae67abad2

SHA512
2cf8dcd2b3ff99c3214215bb67e3fe7364a8ec2c315b3ef8e427f4e1689f70b9f679a20cff1694b56b53b5fd73bc5dc12968f1718b67d796f4173ef3f621f268

Download Submit
C:\Windows\System\BJhEJFD.exe

Filesize
6.1MB

MD5
7c1efe571dc2b22d3ecbced7b152a1ac

SHA1
c05861716429a0478db3f7de259a0b7e8192dc14

SHA256
ce06b51c261226863d175678ccd14892a1a7f48cf80086a8087882a8b43c7dae

SHA512
cf3a536713df0aaefcff4db4590539757529d17374d6cd658b06afb39c4cba47a1c3fb9a9a5fd4b64140f78426ff99aae82d27b951bc35f75c6b3af6bb0439cd

Download Submit
C:\Windows\System\BXtAArj.exe

Filesize
6.1MB

MD5
9aa78d6da5c5c3ee07f352fca512cb9e

SHA1
0b913067e319e43c7fd3a240e724219e9b25850d

SHA256
b55d275f440c1af7a30c9d0e0097e30071845d658dc908832d6ac935f424dc36

SHA512
68259e9021223e9e66a7d8f788a4980743c777490440c1ef92f89d487ee56ad3e429bc2e6f9aaba527383476d9d0f1671fcce4ff81531bff052f63e0f32e8e31

Download Submit
C:\Windows\System\CzcDEPs.exe

Filesize
6.1MB

MD5
c2e602acdbd6a19143d335ee1c22f55f

SHA1
f213463dc5529d1bed89c532ced3bf6e38d3d9cc

SHA256
d37a39c8392946220b53b194dc99a22b6b1614837489cc84666deb21dd996111

SHA512
45d78ea25451767c4ffe5e8e549cb56e9f742400cab8f06969391fe20bb596d420ab17843b2c9d02008aab0e40dc4834d608217d86a49f52a3dd1baba8185e87

Download Submit
C:\Windows\System\DBNCCda.exe

Filesize
6.1MB

MD5
fbc34cd35bc0b0d13f867f63d62a9ae8

SHA1
39463e5c58ed566c0ee1b6a084932ce1b4adcd75

SHA256
cc2e0463276a74f66f87e81a6fbdcd30d1119dd1b029b7140463112c4194b683

SHA512
33aeaa126681664a2187e8b33003d37bfeec0603e0d4167e2fd7aa8fa2cd8afd20e213539f8993ab54390760a3f5eb127320924373408215e227181ce9122720

Download Submit
C:\Windows\System\DwEzwCE.exe

Filesize
6.1MB

MD5
604ff3df58c7d77d9e16759989ba5364

SHA1
3f305ad92f221dacbc69508d7a853cba40a42ed2

SHA256
4bc2b179c77d7013dcd922f1c7f4b8f514b4980de3fe0b07bef5612da0250efe

SHA512
fc27a21a3ede9a26950e6e48793a67ad36df70a5f68f2f0de3f1ba6c9894abd34a3836304cd7c5aebe14a24660488226dce4678820a10cda8b74dffe1a30f92b

Download Submit
C:\Windows\System\HHupkIg.exe

Filesize
6.1MB

MD5
a8d5aba49cd7be8efb60c5a05f027f58

SHA1
eb6280abbad8ce9f0844b9df337c53e6e81a8f89

SHA256
a84c9dbe64ed4e0e9c1ca57c8a7eaf2741283645f2062bf54085f3436aface14

SHA512
7838007a1a617da912263dbcc14249df6fe0becc5106818af5c13c3a126b64a1a36dd2b0fe3aa464a75023693bfb756afa3def1a1a309a7914ba109aa0c2def0

Download Submit
C:\Windows\System\HYyQdKI.exe

Filesize
6.1MB

MD5
da8cad9edb6f4374018d11de4f394394

SHA1
8473b509da27974da53a8752921429cbf184ad83

SHA256
b200bc3f8f390f6a3039e530bd82534ce512609004e61312af1e75ebb099b5a8

SHA512
7aaffcabfe66bcd34de63b735b9bae97f44b7585558d63b72d223c343f5f37e2b4c6dc90a6f209a867af967cfc684b06eb5c343f4de0b515d9c07fc623768f29

Download Submit
C:\Windows\System\JzbXswq.exe

Filesize
6.1MB

MD5
5df33f203bd830e4d3f2791789ecd216

SHA1
b1aad66b118d3d922d6f63bfaff5537c01657ef7

SHA256
5cce7b2696d9da30e02d97b9cdb125a13ad093578b908e48b4ac2dc4ebb75219

SHA512
edc801b160777c9d99f25e30f6b5a186bb563d76377ce9cf4fff29ec7d594cfd5fab3345d05578a9951791405c24dd4ce23f41c671e1810cdd7fc18bb1f65a86

Download Submit
C:\Windows\System\OIfSprH.exe

Filesize
6.1MB

MD5
602ebd23cd1c950749157c57ad5dd30c

SHA1
cad8b4634cbfee6f9727a08311529b74c78c013e

SHA256
2a56d4bd6261c2c0a9f1c6a2d1ac0991aea39155596fd11a67995cbf7100bde4

SHA512
15f9f361e1aeb2d203b0bf57e8e6f8347e71c6ff4983182c5825afb40a464e76fb6dc5edfab63c1a8ee96a65906edc03f166ed4d5e5140f108eb683b84a6da14

Download Submit
C:\Windows\System\OuyyrUs.exe

Filesize
6.1MB

MD5
4b4e773872f5c401e8e8629dec7914ae

SHA1
88670bf13fe22a4534294510eca139b610f76f3d

SHA256
045ac54b1d405120aef70b07da1c5aaea5bab82dc9d1bdf3d426f5e8cfa383f0

SHA512
2eb01f0a00f98c148b9a37a38398c1a27abb962b5b328c7cde95245a0dc8757505ff26b20ef4348c89a11145ccfe746f3e552e12d1d307f8a49d578f2bc1c420

Download Submit
C:\Windows\System\QurzsLl.exe

Filesize
6.1MB

MD5
c56b2bad333c438cd65d50fde5da847e

SHA1
9b8be2c5fc8b9650da9ce045995b95fb92b37657

SHA256
e72e9ac78fd84e3e5180a941986735e62e916c4f24bd701d53e5f0c8d8edef76

SHA512
50d380c87b4d7ca42169d2b5e8092421de762ddd745d8c3c80a6ddadd666fcab2f1fa155e116d299b1ca1503530d75fbd493a0f21680504134a4b6d8792d3e92

Download Submit
C:\Windows\System\SNQJsda.exe

Filesize
6.1MB

MD5
3fee63bbb14b4aff7ec71e498b60b3b1

SHA1
a80165b1ecfa757f531e17c02bcbf9d2bc978c97

SHA256
dd03d2737cf705456c73db46a0525e7369f0e54f30318fd649ac51e2d230e126

SHA512
d5657152dc65aa392112181be0e3f6ac7429b51fe2e8ff74da666403562e3132bb0208cd2d567d67ea9d70e21460beedd502702f71d67c1ca69651b91a328b8a

Download Submit
C:\Windows\System\TYdyDmY.exe

Filesize
6.1MB

MD5
cacea781b2bec647c22dfe48eeff2759

SHA1
c460a8e989977e5a9c247820aa7ec9be62436820

SHA256
212fd3791d6c5ac7ebe7e4526df9e15b0e261a7b61a8ca63dcb06b06937dfe25

SHA512
6b18e9595be84b03bc09218fea39b60876ac365e346249feca812fbfeffa59807b5df010e6e0a809a7b20b191f0765a2a7b0066eda80688123d4470c1f5ed29a

Download Submit
C:\Windows\System\UUuIZCm.exe

Filesize
6.1MB

MD5
a98cf391c5f43c811bd8b192dbf5bebd

SHA1
d71bc8ab4d2a5460a8847e7208d68203ef1987ac

SHA256
82eb991a1f4695be00fae59b64b2dc93401630be81c753dcbadd4dcf5cb1d1a4

SHA512
eeeecf29017f7e1be457c6febaf3297c36ad0a3260d7c3bd886239ae2619276aef10cbce0825f5e6e18dc83bc4066381e8eaf5ef4ec8dfb5c81d3b672e547a74

Download Submit
C:\Windows\System\VKwqqoz.exe

Filesize
6.1MB

MD5
911f50752a3ad9bcdfd3f669426d1e6d

SHA1
b3894a45b7dc4ae176e76730f8b616495e52edc5

SHA256
f845a088d09c1f60d694bd8f494a2292e9bc03478597eacc308778c48debbff0

SHA512
a5f71e0a2bc6aded46d91b1f3e732c0207eceb67851e2a3c6308871530882f7498196c040514962b51c7b8f11dea50a75dfb38501eb1a4c652b93db3828dbd98

Download Submit
C:\Windows\System\XJrghbL.exe

Filesize
6.1MB

MD5
6bb08d6ad73af8c1d1f918b688f9e771

SHA1
f2ec3a28a38f89e0a108594c344abd3b5f4ce39a

SHA256
a59de18a91ec202803a7911c095d7b3970920fd483904b939e5263d10baf8be1

SHA512
f5e27126b865a39051e8e2577353b9978d78e30cf1d3e8f676a06bb9fbc17efc3fd52793c9989ec7465691b195556302c10d109f1bc8cba4812351c1e7bb7c72

Download Submit
C:\Windows\System\YutgBBs.exe

Filesize
6.1MB

MD5
e1c52d558ca9320dc371a9fd8a111ac9

SHA1
aed44cb5dd6fcac0094f6048aaa28e92f0a58954

SHA256
e679cccffed7a376a8325ba6254bd6123f90f3e112dd10452215e9b9cd5ee21a

SHA512
779b2db543eed306abc40e5a8f061739e7a68022e5cb955d3c4ab61ba49aaa3a52d6c9f50ca7a218343707553dd56076237868d3d613dbbafdb9fd421f076be6

Download Submit
C:\Windows\System\ZSWTyQo.exe

Filesize
6.1MB

MD5
e34e1e81ff59a96ad9797aa89372b98a

SHA1
a2485ce64e11107282ba071a43f7233308fd598e

SHA256
3699d9c95bbd105bf19f3456db5176530af779a1cefe96c9b439ef231856e668

SHA512
7e70ea2f0b27717ecb1e15e309a0ad2d5f9042362f76daf6a2e95c4a4159459d205b2d9d0824f0dfd9f2978e75c0587d38535e2b88bbdd28487456e6f6dd1d9d

Download Submit
C:\Windows\System\ZUYwRPj.exe

Filesize
6.1MB

MD5
873a698d5e203704fe8736f6d186df0a

SHA1
e4f21bf0c11734042ac100926b6b23cbcfd0da04

SHA256
234da26a50d64a7fd59cd2fd5dc3c231769c510a5c69dbd972e54e46b2fa1404

SHA512
4d2ce008de61141fbd2132b2df124624c7f3c4970142d152bd72e1188943837371e8edc96ebdbcdcfbeb066c10f292d7dbb26b3109e31f7d9dea49b117297905

Download Submit
C:\Windows\System\ZqAuJpZ.exe

Filesize
6.1MB

MD5
2eabc8c792041c6151f16366751ccab9

SHA1
745bea403eaa2c2c9e3b2ee87f9eb944c18cb3a3

SHA256
af6bc39b368fd9587a5b25bb0a80e44f60c6fa8994a4fc719e8f3c0372410c05

SHA512
705e956a14034a7bcbd64e107ee9430d4d26c1d2d1bfd1750765df0b447c3b5e63595deca457d21dd06c9601c0960724a14d2ec0ffb0c63b2b80e99c78ca31e5

Download Submit
C:\Windows\System\aiMSqAy.exe

Filesize
6.1MB

MD5
2aec96104c57ba4dafd490b891ff1d10

SHA1
1131d2489939c6f6a4f408f4a31f9f1165dd30b5

SHA256
520f0bf06615892996da1ce3b8f6fda7ed7acc9e0c98b531e1a9ef680adb28d4

SHA512
817f5d84619ab6f482e5ff1e52f1829feb875d4ff1f5452f63904640c1df9cc932609de21dd0f31ac269a90db23274090e96ff2b9878093e312937c719e400dc

Download Submit
C:\Windows\System\ckbsobw.exe

Filesize
6.1MB

MD5
e6d1b0ba85f0945e0864643a98c00c26

SHA1
19dab123194c1960e66df4359e0deedfdfe0cc32

SHA256
465fd966cd7cca39ac38c3500de4c567cf746ad2090ebe24d408238138e866c6

SHA512
47264ec3f3a34fe1e15877565837b738bc2d7cc6de69670ff22d8fe69af97cef44cbc31a05b6fade5b3ea75f3f88f05a5841e1d03b5e5beea525ced63fd84c87

Download Submit
C:\Windows\System\coeORCU.exe

Filesize
6.1MB

MD5
c8ea3a46e8eafd8ee203316f626addf6

SHA1
25e0f8f602808815b0477525027077669b404f80

SHA256
a97f9a2bb4f376a52db4247dd7c69e7b471db510dc976ccffb2bca7731005093

SHA512
1ef0bba6176ff9361119c7bfd9ffcbd0f9e79ed3317feb72b8bf2ef2aa8e9c4226017127a449e827fa39a444757e3c3beb0c01286dc4194343f6e805f1de3d37

Download Submit
C:\Windows\System\dDZzNIC.exe

Filesize
6.1MB

MD5
7ebb3f926b0c7bee42f82a29cdb0f8c3

SHA1
668aeb480d25d96bdef3befad870240e0943f849

SHA256
50190688ff83b0ac807919f5e1dacee457a062b397959975ff8de0bcde02c1fc

SHA512
4cba4da72ae5563e167a29d871ec8a05a8fc9d4730f0be85f7251037d86a1ef7837926e139632e8131c869f911ec5873df005525c9c3fb59feedbb98c3ab1314

Download Submit
C:\Windows\System\fSKEKfS.exe

Filesize
6.1MB

MD5
23ffaa783d2761e5a61aa6c6937972d3

SHA1
88fdab6da0633c888ca5805042c2676f5c034971

SHA256
7042f6a0519f50d8f0df44628e94f029e11651ea3afa39eea8b72e76d14d02be

SHA512
5936a195f2e907f61ed32e4813ca9494909e7e77a523e955a9b1f6a60888af25ec57aabbd062d3e7c7e5a6dff25ab885c362a64116279c85239aa4962f8af108

Download Submit
C:\Windows\System\hAVrwjz.exe

Filesize
6.1MB

MD5
af2767c8b61c0760cd47736fa2d8dc76

SHA1
e8914d2bbdf13af9496bb807193e6e4609cef51c

SHA256
73fadec1243202c6bd3b256fffce9f900af06bbb04532b0dbe53ae7734a5b9ad

SHA512
ebb9ef4c8b11797ea24cac6d39fc6137bd066ff9ae5892aec903e9f9721f47894dd603e6045dcb6c54876f4f596c4bab8d16cac6322543b17b175adc0147cfd7

Download Submit
C:\Windows\System\hCYBsoZ.exe

Filesize
6.1MB

MD5
335016632e3f3a57acd46bdb795526fc

SHA1
c2c1d1da833910da9733e9662158f1990fb992ee

SHA256
6e7798c8ca349f418206818d3480de9bbf984294fa5b97b044f98b8bae02fdfd

SHA512
e06bd529b893e5a13a04d3abd634fcb7419404a390585e9be0bcb23f70c83455384c40cbd0c8a64c1c9419477a28d4d2299459769b9c18486c9a279944570744

Download Submit
C:\Windows\System\lUvhaKq.exe

Filesize
6.1MB

MD5
c118740c8ff98e990f51fab5b67874f7

SHA1
ef2607dab284e8544bc276af1159459ebde32a60

SHA256
73c105334ac54bcb114dbbad9534b881a1ab72820526b9c05185b2e80d1783bf

SHA512
d94a0f9529213d64f3661fda47e7a00ee587c53a39f98bd915b01f3f19be36f7204b05e48221c6c943cfb4e187023fc750dcae1615d6d9d97016c4911a172a9f

Download Submit
C:\Windows\System\smisEas.exe

Filesize
6.1MB

MD5
44e89d697a8948015e5063335ae71350

SHA1
76f88263c013d75de8d24d8eef8756b63c412a7e

SHA256
7d4bb064d06ee65175c7b928381d804e82a4421794e71207af81474b1859a18e

SHA512
039b87270ac40eb7d177359b39f41cf86a8eb03bcea01679d72da138b66288223347d0da4363feed61b1084f66740d536e0c0dd350a569fd5018b18b601dc897

Download Submit
C:\Windows\System\uGuKkCI.exe

Filesize
6.1MB

MD5
fbc93eca6fe6f6ca08e4a4a3161abf25

SHA1
ea5ddfc5e4edcbb6ae32412dae634b9b94140aa0

SHA256
78154e1dea4344b868118c453615016ffda13a1333aeca97b14c804615d394f4

SHA512
7005606fc2dc2f94525ab66f1f71dfe4ed2016b1f79d86acbda868e8b8384547faaf3d3ad5f066a9d7104c4ca2d9897e70950bcfe4842aa5e7b9dac9818511fb

Download Submit
C:\Windows\System\xFtqgAJ.exe

Filesize
6.1MB

MD5
ef891662523ed8b86a386af6da379199

SHA1
7b0cd78171212c8a08226bec267612fe2476c29a

SHA256
2a583a1272ee51151bfa8159f6c640e30918378fe56cce47c127d6e6d2d24df5

SHA512
c0cf1950aaee4a3077867fb994bf577b745e0ec9edfe679a4afa61075d4ef0bc1e9fa7fdd5ae5d13fe8fad6ba7525fb1a40699b0f16c6bfe6bd4cae2a26b8d47

Download Submit
C:\Windows\System\xlOqJOf.exe

Filesize
6.1MB

MD5
0f36f7d31c175efbb70444b2524240d6

SHA1
e0399f1983987dea9de1c90d19bc25b02d70833d

SHA256
995a9dbdc8a683dafc314a2dee8191a9b47f50c11b5d53faba5d74a2c2073402

SHA512
f7dad9937f218b2c6f1179e53722025f5dcc60208504ed16aff15b0cf19d095af0a09dd38ee3a73b988f49cb204718d4ced8d28bfc2e1ef2309666850bf1cd20

Download Submit
memory/636-2213-0x00007FF72EC90000-0x00007FF72EFE4000-memory.dmp

Filesize
3.3MB

Download
memory/636-38-0x00007FF72EC90000-0x00007FF72EFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2233-0x00007FF6733E0000-0x00007FF673734000-memory.dmp

Filesize
3.3MB

Download
memory/1028-1806-0x00007FF6733E0000-0x00007FF673734000-memory.dmp

Filesize
3.3MB

Download
memory/1028-174-0x00007FF6733E0000-0x00007FF673734000-memory.dmp

Filesize
3.3MB

Download
memory/1112-157-0x00007FF643700000-0x00007FF643A54000-memory.dmp

Filesize
3.3MB

Download
memory/1112-2220-0x00007FF643700000-0x00007FF643A54000-memory.dmp

Filesize
3.3MB

Download
memory/1112-94-0x00007FF643700000-0x00007FF643A54000-memory.dmp

Filesize
3.3MB

Download
memory/1268-69-0x00007FF62E870000-0x00007FF62EBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-141-0x00007FF62E870000-0x00007FF62EBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2218-0x00007FF62E870000-0x00007FF62EBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-42-0x00007FF677D50000-0x00007FF6780A4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-108-0x00007FF677D50000-0x00007FF6780A4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-2214-0x00007FF677D50000-0x00007FF6780A4000-memory.dmp

Filesize
3.3MB

Download
memory/1400-12-0x00007FF74FA40000-0x00007FF74FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1400-68-0x00007FF74FA40000-0x00007FF74FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1560-83-0x00007FF7B4F70000-0x00007FF7B52C4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2210-0x00007FF7B4F70000-0x00007FF7B52C4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-20-0x00007FF7B4F70000-0x00007FF7B52C4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-111-0x00007FF6A9A00000-0x00007FF6A9D54000-memory.dmp

Filesize
3.3MB

Download
memory/1768-183-0x00007FF6A9A00000-0x00007FF6A9D54000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2226-0x00007FF6A9A00000-0x00007FF6A9D54000-memory.dmp

Filesize
3.3MB

Download
memory/2432-33-0x00007FF680040000-0x00007FF680394000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2211-0x00007FF680040000-0x00007FF680394000-memory.dmp

Filesize
3.3MB

Download
memory/2432-89-0x00007FF680040000-0x00007FF680394000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1519-0x00007FF627160000-0x00007FF6274B4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-142-0x00007FF627160000-0x00007FF6274B4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2227-0x00007FF627160000-0x00007FF6274B4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-25-0x00007FF684650000-0x00007FF6849A4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2212-0x00007FF684650000-0x00007FF6849A4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-88-0x00007FF684650000-0x00007FF6849A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1878-0x00007FF6E0790000-0x00007FF6E0AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2235-0x00007FF6E0790000-0x00007FF6E0AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-185-0x00007FF6E0790000-0x00007FF6E0AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2228-0x00007FF72D700000-0x00007FF72DA54000-memory.dmp

Filesize
3.3MB

Download
memory/3148-132-0x00007FF72D700000-0x00007FF72DA54000-memory.dmp

Filesize
3.3MB

Download
memory/3148-1481-0x00007FF72D700000-0x00007FF72DA54000-memory.dmp

Filesize
3.3MB

Download
memory/3252-165-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3252-2232-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3252-1750-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3544-1520-0x00007FF6328C0000-0x00007FF632C14000-memory.dmp

Filesize
3.3MB

Download
memory/3544-143-0x00007FF6328C0000-0x00007FF632C14000-memory.dmp

Filesize
3.3MB

Download
memory/3544-2229-0x00007FF6328C0000-0x00007FF632C14000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2216-0x00007FF61D510000-0x00007FF61D864000-memory.dmp

Filesize
3.3MB

Download
memory/3560-124-0x00007FF61D510000-0x00007FF61D864000-memory.dmp

Filesize
3.3MB

Download
memory/3560-55-0x00007FF61D510000-0x00007FF61D864000-memory.dmp

Filesize
3.3MB

Download
memory/3624-2219-0x00007FF718730000-0x00007FF718A84000-memory.dmp

Filesize
3.3MB

Download
memory/3624-149-0x00007FF718730000-0x00007FF718A84000-memory.dmp

Filesize
3.3MB

Download
memory/3624-77-0x00007FF718730000-0x00007FF718A84000-memory.dmp

Filesize
3.3MB

Download
memory/3628-102-0x00007FF7A97F0000-0x00007FF7A9B44000-memory.dmp

Filesize
3.3MB

Download
memory/3628-173-0x00007FF7A97F0000-0x00007FF7A9B44000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2223-0x00007FF7A97F0000-0x00007FF7A9B44000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2011-0x00007FF617380000-0x00007FF6176D4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2234-0x00007FF617380000-0x00007FF6176D4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-198-0x00007FF617380000-0x00007FF6176D4000-memory.dmp

Filesize
3.3MB

Download
memory/3976-125-0x00007FF6959A0000-0x00007FF695CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3976-2224-0x00007FF6959A0000-0x00007FF695CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3976-192-0x00007FF6959A0000-0x00007FF695CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4008-0-0x00007FF730350000-0x00007FF7306A4000-memory.dmp

Filesize
3.3MB

Download
memory/4008-1-0x000002B82FF70000-0x000002B82FF80000-memory.dmp

Filesize
64KB

Download
memory/4008-54-0x00007FF730350000-0x00007FF7306A4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-191-0x00007FF770FA0000-0x00007FF7712F4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-118-0x00007FF770FA0000-0x00007FF7712F4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2225-0x00007FF770FA0000-0x00007FF7712F4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2236-0x00007FF6FFFD0000-0x00007FF700324000-memory.dmp

Filesize
3.3MB

Download
memory/4596-184-0x00007FF6FFFD0000-0x00007FF700324000-memory.dmp

Filesize
3.3MB

Download
memory/4596-1877-0x00007FF6FFFD0000-0x00007FF700324000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2221-0x00007FF7BCB70000-0x00007FF7BCEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-87-0x00007FF7BCB70000-0x00007FF7BCEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-150-0x00007FF7BCB70000-0x00007FF7BCEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4636-1692-0x00007FF790CC0000-0x00007FF791014000-memory.dmp

Filesize
3.3MB

Download
memory/4636-2231-0x00007FF790CC0000-0x00007FF791014000-memory.dmp

Filesize
3.3MB

Download
memory/4636-158-0x00007FF790CC0000-0x00007FF791014000-memory.dmp

Filesize
3.3MB

Download
memory/4864-1574-0x00007FF73EF90000-0x00007FF73F2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-156-0x00007FF73EF90000-0x00007FF73F2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2230-0x00007FF73EF90000-0x00007FF73F2E4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-131-0x00007FF6E4C50000-0x00007FF6E4FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2217-0x00007FF6E4C50000-0x00007FF6E4FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-62-0x00007FF6E4C50000-0x00007FF6E4FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5040-61-0x00007FF6CFF30000-0x00007FF6D0284000-memory.dmp

Filesize
3.3MB

Download
memory/5040-7-0x00007FF6CFF30000-0x00007FF6D0284000-memory.dmp

Filesize
3.3MB

Download
memory/5084-95-0x00007FF77D970000-0x00007FF77DCC4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2222-0x00007FF77D970000-0x00007FF77DCC4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-164-0x00007FF77D970000-0x00007FF77DCC4000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2215-0x00007FF6AD5D0000-0x00007FF6AD924000-memory.dmp

Filesize
3.3MB

Download
memory/5112-117-0x00007FF6AD5D0000-0x00007FF6AD924000-memory.dmp

Filesize
3.3MB

Download
memory/5112-48-0x00007FF6AD5D0000-0x00007FF6AD924000-memory.dmp

Filesize
3.3MB

Download